Cybercriminals who previously exploited vulnerabilities in Adobe Flash Player, Java and Internet Explorer to infect users with malware now make use of social engineering to distribute ransomware. The developers of the Magnitude exploit kit, which previously abused vulnerabilities in Internet Explorer and Flash, now use new tricks to infect their victims with malware.
Exploiting vulnerabilities in popular software hardly required any user interaction. The new tricks, which have to convince users to install the malware themselves, require more sophistication and are known as social engineering. Because few new exploits for popular software are appearing, the developers of exploit kits have resorted to such methods.
The method used by the developer of the Magnitude exploit kit is based on showing malicious advertisements to Windows 10 users running Internet Explorer. When they click the malicious ad they are directed to a page that shows a (fake) warning that Windows Defender can't be updated. The warning tells users to download an update to solve the issue. The "update" is a .lnk file that installs the Cerber ransomware on the computer, which in turn starts to encrypt files on the computer and demands a ransom for decryption. Currently mainly Asian users are targeted.
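The attack chain above ends with a Windows shortcut (.lnk) that the victim is talked into opening. Because a shortcut is only a pointer plus a command line, a defender triaging a suspicious download wants to see what it would actually launch before anyone double-clicks it. The following Python script is an added example, not code from the original article or from Proofpoint: it parses the public MS-SHLLINK layout (header, optional ID list and link info, then the string data) and applies a few triage heuristics. The heuristics (flagging shortcuts whose target is a script host or interpreter, that carry command-line arguments, or that start minimized) are assumptions of this example, and the two shortcuts it inspects are constructed inline rather than taken from any real sample.

```python
import struct
from dataclasses import dataclass

# LinkFlags bits from the MS-SHLLINK specification, section 2.1.1.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SW_SHOWNORMAL = 1
SW_SHOWMINNOACTIVE = 7  # shortcut opens minimized, a common way to hide a console

# Triage assumption: a genuine "update" has no reason to point a shortcut at these.
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe")


@dataclass
class LnkInfo:
    show_command: int
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def _read_string(buf: bytes, pos: int, unicode: bool):
    """StringData item: 2-byte character count followed by the characters."""
    (count,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    if unicode:
        return buf[pos:pos + 2 * count].decode("utf-16-le"), pos + 2 * count
    return buf[pos:pos + count].decode("cp1252", errors="replace"), pos + count


def parse_lnk(data: bytes) -> LnkInfo:
    """Extract the fields of a .lnk that say what it runs, skipping the rest."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a shell link header")
    (show_command,) = struct.unpack_from("<I", data, 60)
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize + IDList
        (id_list_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes itself
        (link_info_size,) = struct.unpack_from("<I", data, pos)
        pos += link_info_size
    info = LnkInfo(show_command=show_command)
    unicode = bool(flags & IS_UNICODE)
    for flag, attr in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            value, pos = _read_string(data, pos, unicode)
            setattr(info, attr, value)
    return info


def triage(info: LnkInfo) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    target = info.relative_path.lower().rsplit("\\", 1)[-1]
    if target in SCRIPT_HOSTS:
        findings.append(f"target is a script host or interpreter: {target}")
    if info.arguments:
        findings.append(f"shortcut passes arguments: {info.arguments!r}")
    if info.show_command == SW_SHOWMINNOACTIVE:
        findings.append("window is started minimized (hides a console)")
    return findings


def build_lnk(relative_path: str, working_dir: str, arguments: str, show_command: int) -> bytes:
    """Constructed sample shortcut (no ID list, no link info) for offline testing."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    def s(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    body = s(relative_path) + s(working_dir) + (s(arguments) if arguments else b"")
    return header + body + struct.pack("<I", 0)  # terminal ExtraData block


# Constructed samples: a lure-style shortcut and an ordinary one.
SUSPICIOUS_LNK = build_lnk("..\\..\\Windows\\System32\\cmd.exe", "C:\\",
                           "/c echo constructed-sample", SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk("..\\..\\Windows\\notepad.exe", "C:\\", "", SW_SHOWNORMAL)

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS_LNK), ("benign", BENIGN_LNK)):
        print(label, triage(parse_lnk(blob)))
```

The parser deliberately ignores the ID list and link-info structures, because for triage the relative path, working directory, arguments and show command are what decide whether the shortcut is a plausible updater or a launcher for something else. Run it against a quarantined file with `parse_lnk(open(path, "rb").read())`; a non-empty findings list is a reason to block the download path (here: a shortcut offered by an ad-served web page) rather than to open the file.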
“While the social engineering scheme outlined here lacks the refinement of others we have observed in email distribution, the addition of a social engineering attack chain to a major exploit kit is noteworthy,” according to a researcher at security company Proofpoint.
The use of social engineering means that finding vulnerabilities in software now has a lower priority for these attackers: through social engineering, users infect their own computers and themselves bypass all kinds of security measures in the browser and in Windows.