Jun 07

Ransomware Infections Set To Spike Due To Angler Bypassing EMET


Ransomware remains a threat looming over every Internet user in the world today. Protecting one’s computer from this type of malware is becoming harder once again, thanks to the EMET-evading exploit. Security experts feel the number of ransomware infections will ramp up exponentially once again.

Also read: Poloniex Exchange Confirms Funds Are Safe Despite Outage

EMET protection is found on the Windows operating system, as Microsoft designed this tool to block Windows-based exploits. However, internet criminals have come up with a way to bypass this protection. Moreover, they bundled the bypass into the Angler exploit kit, which remains one of the most popular choices for hackers to this very day.

EMET Is Not Impenetrable

Up until this point, many security experts felt that EMET was the most efficient way to prevent Windows computers from being attacked or infected. Moreover, it had never been possible to bypass this layer of protection entirely. FireEye researchers discovered the new code in the Angler exploit kit on Monday, June 6.

TeslaCrypt used to be a favorite among Internet criminals looking to execute drive-by attacks. This particular type of ransomware has caused a lot of havoc in the past, although the creators unveiled the master decryption key not too long ago. Spreading ransomware through an exploit kit that can evade security measures opens up a whole can of worrisome opportunities.

FireEye security experts explained the significance of this news as follows:

“The ability of Angler EK to evade EMET mitigations and successfully exploit Flash and Silverlight is fairly sophisticated in our opinion. These exploits do not utilize the usual return oriented programming to evade DEP. Data Execution Prevention (DEP) is a mitigation developed to prevent the execution of code in certain parts of memory. The Angler EK uses exploits that do not utilize common return oriented programming (ROP) techniques to evade DEP. Instead, they use Flash.ocx and Coreclr.dll’s inbuilt routines to call VirtualProtect and VirtualAlloc, respectively, with PAGE_EXECUTE_READWRITE, thus evading DEP and evading return address validation-based heuristics.”

That being said, it is important to note there are limitations as to what internet criminals can do. For the time being, it appears this method only works on Windows 7. Additionally, targeted computers need either Flash or Silverlight installed for the attack to work. But at the same time, there is nothing stopping hackers using the Angler exploit kit from installing malicious applications and ransomware.

What are your thoughts on internet criminals being able to bypass EMET on Windows machines? Let us know in the comments below!

Source: Ars Technica

Images courtesy of EMET, Shutterstock

The post Ransomware Infections Set To Spike Due To Angler Bypassing EMET appeared first on Bitcoinist.net.


May 18

Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware

Cyber security is on the minds of everybody in the technology world these days, yet hackers and internet criminals seem to be outsmarting the masses yet again. One particular cyber criminal syndicate is using malware-as-a-service through the Nuclear exploit kit.

Also read: Kaspersky Labs Outsmarts CryptXXX Bitcoin Ransomware Developers Again

Malware-as-a-service Is A Thing Now

Everything is being turned into some “as-a-service” model, whether it is technology, the blockchain, or in this case, malware. A syndicate of cyber criminals is using the Nuclear exploit kit to spread malware worldwide, and they control a total of fifteen active control panels. Up until now, no one has any idea as to who is behind this “business model”, although there are indicators that Russian hackers are involved.

Check Point, a security research team, recently uncovered how the malware-as-a-service business model brings in roughly US$100,000 a month in revenue. That is a rather staggering amount, which goes to show how much interest there is by internet criminals to infect computers around the world with malware and ransomware.

By using these 15 Nuclear control panels, the malware-as-a-service providers infected nearly two million devices last month. Although the success rate was only 9.95%, that still leaves over 184,000 machines infected with malware. This number does not come as a complete surprise either, as exploit kits facilitate the execution of ransomware and banking Trojans remotely.

What makes the malware-as-a-service business model so dangerous is how cyber criminals help other malicious individuals attack unsuspecting users. Nuclear has been one of the top exploit kits for quite some time now, and it looks like this trend will continue for the foreseeable future.

However, it is important to note this entire malware-as-a-service business model has a critical flaw, as there is a central point of failure. The master server for all of these portals is controlled by the service provider, which requires a certain level of “trust among criminals”. If the service provider were arrested, law enforcement may be able to shut down all of the other portals.

Check Point also reports that ransomware is the dominant payload for this malware-as-a-service business model. Their statistics indicate close to 110,000 Locky droppers have been sent out, leading to US$12.7m in financial losses for victims. However, it appears some of the Nuclear portals have already been shut down, according to the report, which is a rather surprising turn of events.

Are you concerned about the malware-as-a-service phenomenon? What can we expect from internet criminals in the future? Let us know in the comments below!

Source: Check Point

Images courtesy of Shutterstock, Check Point

The post Malware-as-a-service Is A Cheap Way To Spread Bitcoin Ransomware appeared first on Bitcoinist.net.
