Researchers at Bitdefender have discovered a new malware campaign. This one uses an attack method that has fallen out of favor in recent months, called the Exploit Kit.
Exploit Kits used to be all the rage. Flash Player was a popular target for Exploit Kit based attacks but it is now a thing of the past. Therefore, the popularity of the Exploit Kit has declined markedly.
Someone is apparently trying to give it a comeback, however. It has been made possible by the fact that there are a growing number of users on the internet who don’t prioritize updating their browser software. Notably, the users still relying on Internet Explorer are particularly vulnerable since it is no longer receiving security updates.
The latest campaign has been dubbed RIG EK. It exploits CVE-2021026411 which is a flaw in Internet Explorer that causes memory corruption when visiting a specially crafted website. Once the group has a victim on the hook, they deploy a malware strain called RedLine which is an inexpensive but quite powerful infostealer. It is especially popular on Russian-speaking hacking forums.
Once RedLine is installed, the hackers will exfiltrate all the data they can from the victim’s device, focusing on stored payment card information, cryptocurrency wallet information, and other high value data.
The RIG EK campaign doesn’t really do anything new. However, the hackers behind it have found new ways to breathe life into older techniques that had become rarely seen on the threat landscape, and that makes it a genuine threat.
If your organization hasn’t historically prioritized browser updates, this might be a good time to consider changing that policy. If you’re still using Internet Explorer for one reason or another, it’s past time to apply some resources to the task of transitioning away from it. Even if for no other reason than to give yourself a few less headaches.