BBC, MSN and NFL.com all hit by new Angler Exploit Kit in Major Malvertising Campaign

March 2016 by Bromium

A report by Trustwave has exposed a new malvertising campaign that has succeeded in
putting ads that redirect to the Angler Exploit Kit onto “very popular
websites” around the world. Malwarebytes has since revealed these websites include
MSN, NY Times, BBC and NFL.com. The Angler Exploit Kit continues to innovate and
come up with new ways of infecting victims, this time acquiring an expired domain of
a small advertising company that provides it with high-quality traffic from popular
websites. Once the victim has been successfully exploited, they are hit with a double
punch of both the Bedep Trojan and the TeslaCrypt ransomware.

See below the commentary from Fraser Kyne, Principal Systems Engineer at Bromium:

“Malvertising is highly effective because cyber criminals can target their attacks
to specific demographics, and deliver them with tremendous volume. The online
advertising model is such that ad networks simply cannot verify the validity of each
and every advertisement they serve, which ultimately passes the cost of security onto
security teams. Most of these adverts are Flash, basically enabling complicated
things to be done within the environment of the webpage and really rely on the very
fragile security of the Flash, the Flash engine and the browser. With this level and
amount of code, and the complexity of it, it is very challenging to secure.
Ransomware is a highly pernicious attack; the initial compromise may occur through
any number of exploits, but the end result is the encryption of all files on a
system. These attacks demand payment for the key to unencrypt these locked files.
Depending on the value of the encrypted data, organisations may feel compelled to
pay the ransom, but making a payment only encourages these attacks to continue.

In order to prevent malvertisements, ransomware and other endpoint attacks,
organisations should invest in strong endpoint protection. Most traditional endpoint
protection solutions are failing because they rely on detection, which allows many
attacks to succeed. Instead, organisations should investigate proactive protection,
in the form of prevention, such as endpoint threat isolation or virtualization-based
security. This way even if the ad does turn out to be malicious it can compromise
the web browser and the environment but because it is running in a micro-vm it
won’t have any impact on any other websites visited, your documents or your
operating system. Additionally, ad-blocking browser extensions can be a highly
effective way of mitigating malvertising attacks. Ransomware is much more difficult
to mitigate, but frequent back-ups of valuable data can make remediation much
easier.”

