RIG Attack Toolkit Results in Increased Malicious Traffic: Cisco
A recently introduced attack toolkit, nicknamed 'RIG,' has caused an enormous rise in Web traffic, says security company Cisco. The toolkit has become prominent because it exploits a Silverlight security flaw in carrying out a malvertising trick.
Most of RIG's use relates to distributing the most recent ransomware, called Cryptowall, which imitates the already notorious CryptoLocker. CryptoLocker uses an encryption scheme involving an unlocking code to keep victims' data inaccessible to them.
Cisco also states that the toolkit depends largely on Silverlight, just as the Angler and Fiesta toolkits did.
The company's researchers explained that, like those other toolkits, RIG had been observed using malvertising to carry out drive-by attacks against visitors to high-profile, legitimate sites. That was responsible for the voluminous Web traffic witnessed during May 2014.
Malvertising makes it simpler for criminals to propagate their wares, because there is a many-to-one association between websites and the advertisements embedded in them. Identical advertisements can be served on several websites, while a single website may serve several separate advertisements.
The different websites impacted by RIG are apps.facebook.com, altervista.org, ebay.in, go.com, theguardian.com and wiki.answers.com. The majority of end-users affected are in the USA (42%) and the UK (31%).
Cisco cautions that the new sample is thriving: it has encrypted 90 domain names associated with Cryptowall as well as RIG, which attacked 17% of the customers who used its cloud-based online protection.
Before May 22, 2014, cyber crooks used both newly created URLs and 'hijacked' legitimate websites to host the landing sites. Now, several of the compromised URLs have in common that they run WordPress, and they were possibly hijacked via brute-force attacks rather than through security flaws within them, Cisco notes. Securityweek.com reported this on June 6, 2014.
Andrew Tsonchev, Security Researcher at Cisco, elaborates that utilizing current lawful websites for supporting the EK leads to an increased requirement of setting up as well as keeping one dedicated system of domains, while it reduces a few of the difficulties involved in doing the same, like creating fresh URLs, randomizing their names, utilizing several simultaneous e-mail IDs etc., so that easy attribution can be avoided. Blogs.cisco.com reported this on June 5, 2014.
» SPAMfighter News - 16-06-2014