Security News > 2023 > February > RIG Exploit Kit still infects enterprise users via Internet Explorer

RIG Exploit Kit still infects enterprise users via Internet Explorer
2023-02-27 15:05

The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history.

The RIG exploit kit is a set of malicious JavaScript scripts embedded in compromised or malicious websites by the threat actors, which are then promoted through malvertising.

While many of the exploits targeted by RIG EK are for Internet Explorer, which Microsoft Edge has long replaced, the browser is still used by millions of Enterprise devices, which are a primary target.

Prodaft says RIG EK currently targets 207 countries, launching an average of 2,000 attacks per day and having a current success rate of 30%. This rate was 22% before the exploit kit resurfaced with two new exploits, says Prodaft.

Currently, RIG EK primarily pushes information-stealing and initial access malware, with Dridex being the most common, followed by SmokeLoader, RaccoonStealer, Zloader, Truebot, and IcedID. Of course, the types of malware spread by RIG EK constantly change depending on which cybercriminals choose to use the service.

RIG EK's focus on Internet Explorer may cause the service to become soon obsolete as Microsoft finally retired Internet Explorer in February 2023, redirecting users to Microsoft Edge.


News URL

https://www.bleepingcomputer.com/news/security/rig-exploit-kit-still-infects-enterprise-users-via-internet-explorer/