The Rig Exploit Kit Has Forsaken Ransomware for Coinminers [source: bleepingcomputer]

The exploit kit landscape has continued the decline that began in the summer of 2016, and its leading player, the RIG exploit kit, has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers).

These are the main conclusions of months of observation by Palo Alto Networks security researcher Brad Duncan.

Exploit kit market continues to fall

Duncan, one of the leading specialists in malvertising campaigns and exploit kit usage, was one of the first to notice the declining state of exploit kits, the web-based applications that facilitate the delivery of malicious code to vulnerable and outdated browsers.

The expert pointed out last year that the exploit kit market, which started a general decline in the summer of 2016, continued to fall in the first half of 2017. In a blog post today, Duncan says that the fall continued throughout 2017 and the first month of 2018.

No large EK operation surfaced on the exploit kit market in 2017; instead, two major players, Sundown and Neutrino, faded out.

RIG has continued to dominate detections for exploit kit activity, but these detections are a fraction of what RIG used to get. Looking at Palo Alto’s internal data, Duncan reveals a sharp drop in RIG EK activity, from 812 monthly campaigns in January 2017 to only 65 in January 2018.
