Ransomware Spreads Online via Website of Security Certification Provider


This topic contains 13 replies, has 11 voices, and was last updated by  yakoko 3 years, 3 months ago.

Viewing 14 posts - 1 through 14 (of 14 total)
  • #51178

    812teck
    Participant

    March 25, 2016

    For the past four days, security certification provider EC-Council has been observed redirecting visitors towards a page with the Angler exploit kit, which drops TeslaCrypt ransomware onto the victim’s machine. According to threat intelligence expert Yonathan Klijnsma, the dangerous Angler exploit kit was seen distributing ransomware to Internet Explorer users since Monday.

    Klijnsma reports that the redirects may have been around longer than suspected. Based on his analysis, the Angler exploit kit runs when these specific conditions are met: when the visitor uses Microsoft Internet Explorer browser, when the user comes from a search engine such as Google or Bing, and when the user uses an IP address that is not blacklisted or coming from a blocked geolocation as the inject avoids certain countries—especially if the cybercriminals behind the attack could possibly be incriminated.

    Various popular websites continue to serve malicious advertisements that deliver exploit kits, resulting in millions of affected users. Klijnsma writes “Once the user has jumped through all the redirects, he/she ends up on the Angler exploit kit landing page from which the browser, Flash Player plugin or Silverlight plugin will be exploited. The Angler exploit kit first starts the ‘Bedep’ loader on an exploited victim machine which will download the final payload”. The EC-Council website is exploited through its vulnerable WordPress CMS—which makes a good target for any attacker via vulnerable plugins.

    The Angler Exploit kit drops ‘TeslaCrypt’ ransomware, which encrypts a victim’s files before it demands around 1.5 Bitcoin ($622) for a decrypt key. Despite repeated warnings, EC-Council has neither responded nor taken corrective action.

    As long as vulnerable applications continue to be in widespread use, they will continue to be a threat. As reported by Trend Micro, exploit kits have been a significant threat for years—affecting mostly users in Japan and the US, with frequent victims in Australia, Canada, France, Germany, and the UK.
    [READ: How serious is the Angler Exploit kit problem?]
    https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/ransomware-spreads-online-via-website-of-security-certification-provider
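The post above says the inject is served only to Internet Explorer visitors arriving from a search engine. The following check is an added example, not code from the post, Trend Micro or Klijnsma: it lets a site owner compare pages captured under those conditions against a baseline capture and list third-party script or iframe hosts that appear only in the conditional one. The host names, sample HTML and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Headers to send when capturing each response (the fetch itself is left out so
# the example runs offline). They mirror the conditions described in the post.
PROFILES = {
    "baseline": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"},
    "ie_from_search": {
        "User-Agent": "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko",
        "Referer": "https://www.google.com/",
    },
}

class _ExternalRefs(HTMLParser):
    """Collect the hosts named in script/iframe src attributes."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            if host:  # relative URLs have no host and are skipped
                self.hosts.add(host.lower())

def external_hosts(html):
    parser = _ExternalRefs()
    parser.feed(html)
    return parser.hosts

def cloaked_hosts(responses, own_host, baseline="baseline"):
    """Map each non-baseline profile to hosts seen only under that profile."""
    base = external_hosts(responses[baseline]) | {own_host}
    findings = {}
    for name, html in responses.items():
        extra = external_hosts(html) - base
        if name != baseline and extra:
            findings[name] = sorted(extra)
    return findings

# Constructed sample: the same URL captured once per profile.
_COMMON = '<script src="https://site.example/wp-includes/js/jquery.js"></script>'
SAMPLE = {
    "baseline": "<html>" + _COMMON + "</html>",
    "ie_from_search": "<html>" + _COMMON
        + '<iframe src="http://gate.invalid/view.php" width="1" height="1"></iframe></html>',
}
```

Because the post also lists IP and geolocation filtering as a condition, an empty result from a single vantage point does not show that the site is clean.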

    #51281

    812teck
    Participant

    Interesting!

    #51526

    Kowalski
    Participant

    The problem is, how u’d know if u’r getting your data back, and it’s not being sold for others…

    #52672

    RunningMan
    Participant

    Sounds as if management is in denial, trying to avoid the ‘we are at fault finger.’ At what point will companies take security seriously?

    #52815

    812teck
    Participant
    #56585

    Imran Rafique
    Participant

    Nice

    #58170

    Wow

    #58958

    Dragon
    Participant

    Are Chrome and Firefox users affected or just IE users? Does it affect Edge users as well?

    #58994

    812teck
    Participant

    Not sure

    #59167

    Panagiotis
    Participant

    I will read the attached article and I will see what I can do.

    #59747

    vireshsrivastava
    Participant

    Any update on the issue yet? Any measures taken by EC-Council or others?

    #59969

    ebarlow
    Participant

    This is not the first time I have heard of IT Security Professionals being specifically targeted for spyware/ransomware. It's almost a “duh” moment when you think about it. Why not go after those individuals that would most likely be the ones that prevent the spread of the malware? This is going to be more of an issue in the future as more and more of the professional and training sites are hacked by those that we are trying to defend our organizations against. The bad guy has taken the first step…. are we going to sit back and be a target for them?

    #60675

    aibraimoski
    Participant
