Cisco has been praised for its quick response to the discovery of a cyber criminal operation worth an estimated $30m a year.
During the month of July 2015, Cisco researchers found that Limestone Networks hosted more than a third of the IP addresses serving up the Angler exploit kit.
The Angler exploit kit is popular among cyber criminals who use it to exploit software and hardware vulnerabilities to infect computers with malware, particularly ransomware.
According to Cisco researchers, Angler is one of the most sophisticated and widely used exploit kits because of its innovative use of Flash, Java, Internet Explorer and Silverlight vulnerabilities.
Limestone was reportedly hit by monthly costs and loss of business of up to $10,000, mainly in chargebacks due to fraudulent credit card use.
Cisco responded quickly by issuing a security update for its networking equipment to block redirects to Angler’s proxy servers, and published guidance on how users can protect themselves.
“We are seeing a rapid and proactive response to a known threat, which we have also seen recently with the Experian and T-Mobile breach,” said Garve Hays, systems architect at NetIQ, the security portfolio of Micro Focus.
“Reports of this most recent hack further show that a ‘Bastille’ will not protect the datacentre or customers. We need to think more in terms of speed of response to attack and stop trying to hope we can keep every bad guy out,” he said.
However, independent security consultant Graham Cluley said that despite disrupting the cyber criminals’ infrastructure, Cisco’s action would not deliver a killer blow to the Angler exploit kit.
“The organised criminals behind such attacks are not going to roll over and give up. They will be back, looking for alternative mechanisms and web hosting services to help them infect unsuspecting web users’ computers,” he wrote in a blog post.
The Limestone Networks case shows that the criminals involved were too lazy to research their own exploits and were instead using an exploit kit, said Hays.
“This time around their attempts were foiled, but it serves to show the barrier to entry has been lowered to the point where less skilled malefactors can make the attempt,” he said.