Legacy (read: outdated) or illegal software is known to be high-risk in terms of cybersecurity. As the latest data from Kaspersky Security Network (KSN) reveal, there is a “sustained campaign targeting users of Internet Explorer in the Asia Pacific (APAC) region.”
According to the cybersecurity company, there is an exploit kit known as “Magnitude EK” that has been actively evolving and trying to infect users in Hong Kong, South Korea, and Taiwan with new exploits.
“Magnitude EK is one of the longest-standing exploit kits,” said Boris Larin, security researcher at Kaspersky. “It was on offer in underground forums from 2013 and later became a private exploit kit. As well as a change of actors, the exploit kit has switched its focus to deliver ransomware to users from the specific Asia Pacific (APAC) countries via malvertising. Our statistic shows that this campaign continues to target APAC countries to this day and during the year in question Magnitude EK always used its own ransomware as a final payload.”
Exploits are typically distributed in packs containing multiple exploits for different vulnerabilities. An exploit kit, also known as an exploit pack, is used to identify the software installed on a victim’s computer, match it against the list of exploits in the pack, and deploy the appropriate exploit if one of the installed applications is vulnerable.
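The matching step described above (inventory the installed software, compare it against a list of known-vulnerable versions) is the same logic a defender runs from the other side to find hosts that still need patching. The following is an added example, not code from Kaspersky or from the article; every product name, version, hostname and advisory identifier in it is constructed sample data.

```python
"""Added example: the software/version matching an exploit kit performs,
turned around for the defender. Instead of choosing an exploit, it lists
the hosts whose installed software falls in a known-vulnerable version
range and therefore needs an update. All data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    product: str        # product name as it appears in the host inventory
    fixed_in: tuple     # first version (as a tuple) that contains the fix
    reference: str      # placeholder advisory identifier, not a real one


def parse_version(text):
    """Turn '11.0.9600' into (11, 0, 9600) so versions compare numerically.

    Tuples of different length compare element by element, so (11, 0) < (11, 0, 1).
    """
    return tuple(int(part) for part in text.strip().split("."))


# Constructed advisory list: a product is vulnerable while its version is below fixed_in.
ADVISORIES = [
    Advisory("Example Browser", parse_version("11.0.100"), "ADV-EXAMPLE-001"),
    Advisory("Example Plugin", parse_version("32.0.0"), "ADV-EXAMPLE-002"),
]


def find_vulnerable(inventory, advisories=ADVISORIES):
    """inventory: {hostname: {product: version_string}}.

    Returns a sorted list of (hostname, product, version, reference) tuples,
    one per install that is older than the fixed version in an advisory.
    """
    findings = []
    for host, software in inventory.items():
        for adv in advisories:
            version = software.get(adv.product)
            if version is None:
                continue  # product not installed on this host
            if parse_version(version) < adv.fixed_in:
                findings.append((host, adv.product, version, adv.reference))
    return sorted(findings)


# Constructed inventory, as a patch-management agent might report it.
SAMPLE_INVENTORY = {
    "pc-hk-01": {"Example Browser": "11.0.90", "Example Plugin": "32.1.0"},
    "pc-tw-02": {"Example Browser": "11.0.100"},
    "pc-kr-03": {"Example Plugin": "31.9.2"},
}

if __name__ == "__main__":
    for finding in find_vulnerable(SAMPLE_INVENTORY):
        print("PATCH NEEDED: host=%s product=%s version=%s (%s)" % finding)
```

Running the script prints two findings: the browser on pc-hk-01 and the plugin on pc-kr-03; pc-tw-02 is already at the fixed version and is not reported.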
Malvertising refers to the use of online ads to distribute malicious programs. Cybercriminals embed a special script in a banner or redirect users who click on an ad to a special page containing code for downloading malware. Special methods are used to bypass large ad network filters and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad — the code executes when the ad is displayed.
Kaspersky’s close monitoring also showed that Magnitude EK is actively maintained and undergoes continuous development. In February this year, it switched to an exploit for the more recent vulnerability CVE-2019-1367 in Internet Explorer (originally discovered as a zero-day exploited in the wild).
The campaign’s older ransomware versions used to check for hardcoded language IDs, including those used in Hong Kong, the People’s Republic of China, Singapore, Taiwan, South Korea, Brunei Darussalam, and Malaysia. In newer versions, the language ID check was removed.
“As of last month, there is still a small percentage of online users in APAC browsing the web through Internet Explorer as it has remained the default web browser for Windows 7/8/8.1. Using obsolete software that will not receive security updates and vulnerability patches is synonymous with welcoming cybercriminals with open arms. Three years after the infamous Wannacry attack, businesses and individuals should now be more vigilant against ransomware and other types of attacks. All possible entry points in your systems and devices should be addressed as soon as possible,” said Stephan Neumeier, managing director for Asia Pacific at Kaspersky.
Kaspersky recommends the following to keep devices and data safe:
- Pay careful attention to the websites you are visiting. Do not visit dubious sites and avoid clicking random ads.
- Do not use outdated versions of operating systems and other software. Make sure that you install any software updates in a timely fashion.
- Be critical of e-mail attachments, including ones that are sent from acquaintances. If a friend suddenly sends you an essay that you did not ask for, that is a reason for suspicion.
- Pay attention to the extensions of the files that you are downloading. If you downloaded an EXE file instead of a document, do not open it.
- Use a reliable computer security solution such as Kaspersky Total Security for individuals and Kaspersky Endpoint Security for enterprises.
Cybercriminals send ransomware to users of an out-of-date web browser in APAC
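The file-extension advice in the list above can be turned into a simple check that flags a download before it is opened. This is an added example, not code from Kaspersky or from the article; the extension lists and the sample file names are constructed. It goes a little beyond the text by also catching two common disguises: a document extension placed before the real executable extension (for example "invoice.pdf.exe") and a Unicode right-to-left override character that makes a file name display with a different ending than it actually has.

```python
"""Added example: classify a downloaded file by its real extension so that an
executable dressed up as a document is flagged before it is opened.
Extension sets and sample names are constructed for illustration."""

# Extensions Windows will execute directly (constructed, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "msi"}
# Extensions a user would expect for an ordinary document or picture (constructed).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
# Unicode bidirectional override characters that can reverse how a name is displayed.
BIDI_OVERRIDES = {"\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def classify_download(filename):
    """Return one of: 'bidi-override', 'no-extension', 'executable',
    'executable-disguised-as-document', 'document', 'unknown'."""
    if any(ch in filename for ch in BIDI_OVERRIDES):
        # The name as displayed cannot be trusted at all; flag it outright.
        return "bidi-override"
    # Strip padding spaces on each part: "report.pdf      .exe" still ends in .exe.
    parts = [part.strip().lower() for part in filename.strip().split(".")]
    if len(parts) < 2 or not parts[-1]:
        return "no-extension"
    last = parts[-1]
    if last in EXECUTABLE_EXTS:
        if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
            return "executable-disguised-as-document"
        return "executable"
    if last in DOCUMENT_EXTS:
        return "document"
    return "unknown"


def should_block(filename):
    """True for anything that is, or is hiding, an executable."""
    return classify_download(filename) in {
        "executable", "executable-disguised-as-document", "bidi-override"
    }


if __name__ == "__main__":
    # Constructed sample file names.
    for name in ["report.pdf", "invoice.pdf.exe", "setup.exe",
                 "photo\u202egnp.exe", "README", "notes.pdf      .scr"]:
        print("%-28r -> %s (block=%s)" % (name, classify_download(name), should_block(name)))
```

The classification is deliberately based only on the name, which is what the advice above asks the user to look at; a full download check would also inspect the file's contents, since a name can be changed freely.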