Lord Exploit Kit Rises, Delivers njRAT and Eris Ransomware
There’s a new player in the exploit kit landscape. Dubbed Lord, this new exploit kit was initially seen delivering the njRAT malware (detected by Trend Micro as Backdoor.MSIL.BLADABINDI.IND) before distributing the Eris ransomware (Ransom.Win32.ERIS.C).
njRAT is a known information stealer and backdoor whose capabilities are constantly reworked or updated, given how readily it is shared in the cybercriminal underground. The Eris ransomware, meanwhile, was first seen in May being distributed through a malvertising campaign.
[RELATED NEWS: How a Spam Campaign Is Using Malicious Documents Embedded with Exploit for Adobe Flash Vulnerabilities, Including CVE-2018-15982]
Lord first checks whether the affected system has Adobe Flash Player. If the software is installed, Lord attempts to use an exploit (Trojan.SWF.CVE201815982.AE) for CVE-2018-15982, a use-after-free vulnerability in Adobe Flash, to deliver its payload. The vulnerability, patched in December 2018, is also exploited by the Spelevo and Greenflash Sundown exploit kits, the latter of which was recently used to spread cryptocurrency-mining malware. As noted in Trend Micro research on threat hunting via social media, the same vulnerability was involved in an attack that targeted a healthcare organization in Russia.
Lord was first spotted by a Virus Bulletin researcher, Adrian Luca, in attack chains that employed malvertising (the use of malicious or hijacked advertisements to spread malware) on the PopCash ad network. The malvertising component used a compromised site to divert unwitting users to a landing page hosting the exploit kit.
[READ: Cybercrime and Exploits: Attacks on Unpatched Systems]
Further analysis by researchers at Malwarebytes noted Lord’s use of ngrok, a service that lets developers expose their local servers to the internet when testing applications or websites, to easily generate randomized subdomains. Seldom seen in other exploit kits, this lets Lord’s operators simply swap in a new subdomain once the current one has been detected or blocked.
Also of note is Lord’s redirection of the webpage to Google’s home page after the payload is delivered. This action, also seen in another exploit kit, can deceive an unwitting user into thinking that nothing is amiss.
[READ: Exploits as a Service: How the Exploit Kit + Ransomware Tandem Affects a Company’s Bottom Line]
Lord’s operators are reportedly fine-tuning the exploit kit actively, which means that its payloads, techniques, distribution tactics, and vulnerability exploits will change over time.
Lord demonstrates how opportunistic exploit kits can be, rehashing old vulnerabilities, proofs of concept, and off-the-shelf malware to ultimately monetize the systems they infect. While exploit kits are no longer as prolific as they were, especially at the peak of their activity with the notorious Angler exploit kit, their recent reemergence, as with Greenflash Sundown, means they remain a compelling threat.
That they also tend to take advantage of old or known vulnerabilities means they can still bank on the window of exposure between the disclosure of a vulnerability and the deployment of its patch. The risk is higher for organizations whose systems still use Flash-based content, especially if these systems are needed to maintain business operations or to store and manage sensitive data.
[Security 101: How Virtual Patching Can Help Address Security Gaps in the Organization]
Threats such as those brought by the Lord exploit kit can be thwarted and their effects mitigated through best practices. To that end, here are several security measures that users and businesses should follow:
- Keep systems regularly patched and updated, or employ virtual patching to secure legacy or out-of-support systems that still use Flash-based content.
- Enforce the principle of least privilege by restricting or disabling the use of outdated or unnecessary components in the system.
- Actively monitor systems and networks for suspicious activity. For businesses, enabling firewalls and deploying intrusion detection and prevention systems help block threats that exploit vulnerabilities at the network level, while behavior monitoring and application control help prevent suspicious processes from being executed and unauthorized executables from running.
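As an added illustration of the monitoring advice above (example code written for this page, not Trend Micro's or Malwarebytes' tooling), the script below scans web proxy logs for the two traits the article attributes to Lord: content served from randomized tunnel-service subdomains, and a redirect to Google's home page immediately afterwards. The log format, the sample lines, and the ngrok subdomain pattern are all constructed assumptions; adapt the regex and field parsing to your own proxy's output.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample proxy log (not captured traffic). Whitespace-separated fields:
# timestamp client host path status referrer ("-" when absent).
# Client 10.0.0.5 follows the Lord-style chain; client 10.0.0.7 is benign noise.
SAMPLE_LOG = """\
2019-08-01T10:00:01 10.0.0.5 news-example.test /index.html 200 -
2019-08-01T10:00:02 10.0.0.5 a1b2c3d4.ngrok.io /index.php 200 http://news-example.test/index.html
2019-08-01T10:00:03 10.0.0.5 a1b2c3d4.ngrok.io /flash.swf 200 http://a1b2c3d4.ngrok.io/index.php
2019-08-01T10:00:05 10.0.0.5 www.google.com / 200 http://a1b2c3d4.ngrok.io/index.php
2019-08-01T10:01:00 10.0.0.7 dev-portal.example /docs 200 -
2019-08-01T10:01:10 10.0.0.7 www.google.com / 200 http://dev-portal.example/docs
"""

# Assumption: tunnel hostnames look like a random hex label directly under ngrok.io.
TUNNEL_HOST = re.compile(r"^[0-9a-f]{8}\.ngrok\.io$", re.IGNORECASE)
# A Google visit this soon after contacting a tunnel host is treated as the post-payload redirect.
REDIRECT_WINDOW_S = 30


def parse_line(line):
    """Split one log line into a dict; the timestamp becomes a datetime."""
    ts, client, host, path, status, referrer = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "host": host.lower(),
        "path": path,
        "status": int(status),
        "referrer": None if referrer == "-" else referrer,
    }


def referrer_host(ref):
    """Hostname of a referrer URL, or None when there is no referrer."""
    return urlsplit(ref).hostname.lower() if ref else None


def analyze(log_text):
    """Return alerts for tunnel-hosted content and for redirects to Google that follow it."""
    alerts = []
    last_tunnel = {}  # client -> timestamp of its most recent request to a tunnel host
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if TUNNEL_HOST.match(ev["host"]):
            last_tunnel[ev["client"]] = ev["ts"]
            is_swf = ev["path"].lower().endswith(".swf")  # Flash content from a tunnel host
            alerts.append({
                "client": ev["client"],
                "rule": "tunnel_swf" if is_swf else "tunnel_landing",
                "severity": "high" if is_swf else "medium",
                "detail": ev["host"] + ev["path"],
            })
            continue
        if ev["host"].endswith("google.com"):
            ref = referrer_host(ev["referrer"])
            came_from_tunnel = bool(ref and TUNNEL_HOST.match(ref))
            recent = (
                ev["client"] in last_tunnel
                and (ev["ts"] - last_tunnel[ev["client"]]).total_seconds() <= REDIRECT_WINDOW_S
            )
            if came_from_tunnel or recent:
                alerts.append({
                    "client": ev["client"],
                    "rule": "post_payload_redirect",
                    "severity": "high",
                    "detail": "google.com reached from " + (ref or "recent tunnel contact"),
                })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The referrer check catches the redirect even when the tunnel request itself was logged elsewhere, while the time-window check covers clients whose browsers strip the referrer; the benign Google visit from 10.0.0.7 triggers neither.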
Trend Micro solutions
Trend Micro endpoint security solutions include Vulnerability Protection, which shields endpoints from identified and unknown vulnerability exploits before patches are even deployed. Trend Micro solutions also protect end users and businesses from threats delivered by exploit kits, detecting and blocking malicious files and all related malicious URLs.
The Trend Micro Deep Security and Trend Micro Vulnerability Protection solutions also provide virtual patching, which protects servers and endpoints from threats that abuse vulnerabilities in critical applications or websites. They protect user systems from threats that may exploit CVE-2018-15982 via this DPI rule:
- 1009405-Adobe Flash Player Use After Free Vulnerability (CVE-2018-15982)