Magnitude EK is one of the longest-standing exploit kits. It was on offer in underground forums from 2013 and later became a private exploit kit. As well as a change of actors, the exploit kit has switched its focus to deliver ransomware to users from specific Asia Pacific (APAC) countries via malvertising.
Boris Larin, a zero-day exploit hunter at Kaspersky GReAT, recently wrote a blog post after closely studying the evolution of Magnitude EK over the past 12 months.
Active attacks by Magnitude EK in 2019-2020 according to Kaspersky Security Network (KSN)
He says, “Our statistics show that this campaign continues to target APAC countries to this day and during the year in question.”
In this scenario, cybercriminals used malvertising, a trick to sneak malware into ads, even on trusted websites. The worst part is that visitors don’t even need to click on a fake ad to get infected, as the malware is already present as soon as the ad is displayed.
For the attackers, the reward when a user falls prey to malvertising is the ransom. Magnitude EK uses its own ransomware as its final payload, and Larin paid close attention to the changes to the payload/shellcode that occurred over the period of one year (June 2019 to June 2020). He says, “The attackers are fine-tuning their arsenal on a regular basis. We observed attacks happening almost every day.”
Closer to home, Kieran Cook, Pre Sales Manager at Kaspersky ANZ, says, “The services behind ransomware are continually being refined and perfected to the point that it is a highly deliverable, scalable and customisable service offered to whichever cybercriminal wishes to leverage it.”
For Australian businesses trying to assess their threat exposure, the Kaspersky Corporate IT Security Risks Survey shows it remains a question of following the money. Based on the survey, the average cost of ransomware attacks that resulted in data breaches is $1.46M, and ransomware continues to be significant because it pays.
“This highlights a significant blind spot in Australian security strategies and budgets that is not being addressed. If Australian businesses don’t start to take the risk of attacks more seriously, the velocity and value will quickly begin to escalate,” warns Kaspersky ANZ General Manager, Margrith Appleby.
With the current health pandemic, we ask how serious the volume of attacks performed by exploit kits is. Larin says, “The total volume of attacks performed by exploit kits has decreased, but they are still active and still pose a threat; therefore, need to be treated seriously. Magnitude is not the only active exploit kit and we see other exploit kits that are also switching to newer exploits for Internet Explorer.”
Take these anti-ransomware measures to protect what matters most to you online:
Always update your operating system and software to eliminate recent vulnerabilities.
Use a reliable computer security solution such as Kaspersky Total Security for individuals.
Try a free trial of Kaspersky Anti-Ransomware Tool for Business. Its updated version contains an exploit prevention feature to prevent ransomware.
Don’t pay the ransom. If you become a victim, report it to your local law enforcement agency or use these free decryptor tools here: https://www.nomoreransom.org/en/index.html