Gandalf_The_Grey
The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history.
By exploiting relatively old Internet Explorer vulnerabilities, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer.
According to a detailed report by Prodaft, whose researchers gained access to the service's backend web panel, the exploit kit remains a significant large-scale threat to individuals and organizations.
Prodaft says RIG EK currently targets 207 countries, launching an average of 2,000 attacks per day and having a current success rate of 30%. This rate was 22% before the exploit kit resurfaced with two new exploits, says Prodaft.
As the heatmap published in the report shows, the most impacted countries are Germany, Italy, France, Russia, Turkey, Saudi Arabia, Egypt, Algeria, Mexico, and Brazil. However, there are victims worldwide.
The highest success rate is brought by CVE-2021-26411, achieving a 45% successful exploitation ratio, followed by CVE-2016-0189 with 29% and CVE-2019-0752 with 10%.
CVE-2021-26411 is a high-severity memory corruption flaw in Internet Explorer that Microsoft fixed in March 2021, triggered by viewing a maliciously crafted website.
The CVE-2016-0189 and CVE-2019-0752 vulnerabilities are also in Internet Explorer, allowing remote code execution in the browser.
CISA published an active exploitation alert for CVE-2019-0752 in February 2022, warning system administrators that the vulnerability is still being exploited and urging them to apply available security updates.
RIG Exploit Kit still infects enterprise users via Internet Explorer
www.bleepingcomputer.com