Global online campaign exploits ads with Neutrino Exploit Kit to transfer ransomware to victims' computers, reports Threatpost.
Cisco System’s threat research group has detected and deactivated a global malvertising campaign which exposed visitors on legitimate sites to the malicious code Neutrino Exploit Kit, says Threatpost. Talos Security Intelligence and Research Group took two weeks beginning on August to work with GoDaddy and shut down the malicious server in Russia, which hosted the exploit kit.
According to Talos, criminals used “gates” to display ads stolen from other websites and redirected visitors to the exploit kit. Cisco researcher Nick Biasini said that in those two weeks about 1,000 of one million visitors may have been exposed to Neutrino EK, which then tried to transfer the CrypMIC ransomware to their computers.
Biasini emphasized the seriousness of malvertising campaigns noting that as more content continues to move online the primary revenue source for web sites is online ads. "Cybercriminals know this and are increasingly turning away from other more typical ways of pointing traffic to exploit kits and are now looking to malvertising,” he said.
For details of how the EK worked, click here.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024