November 6, 2019 By David Bisson 2 min read

A malvertising campaign leveraged a fake Blockchain advertisement to expose users to the new Capesand exploit kit.

In October, Trend Micro discovered a malvertising campaign that presented users with a fake blog post discussing blockchain. This page, which attackers had actually copied using the HTTrack website copying tool, contained a hidden iframe that loaded the RIG exploit kit. The threat searched for vulnerabilities that it could exploit to distribute samples of DarkRAT and njRAT malware.

Over the next few weeks, however, researchers observed the iframe changed to load landing.php, which led to their discovery of Capesand hosted on the same server. Their analysis revealed that the new exploit kit was capable of abusing newer vulnerabilities like CVE-2018-4878 (an Adobe Flash Player flaw) as well as CVE-2018-8174 and CVE-2019-0752 (both affecting Microsoft Internet Explorer). They also uncovered that Capesand’s source code didn’t include the actual exploits, thereby necessitating that the exploit kit send a request to the API of its server to receive an exploit payload.

More Exploit Kits Uncovered

Capesand isn’t the only exploit kit that researchers have recently discovered. Back in June 2019, Cisco Talos analyzed an attack campaign that used a compromised business-to-business site to deliver the new Spelevo exploit kit.

Just a few months later, Trustwave uncovered a landing page for the previously undocumented Lord exploit kit, which used a script to collect several pieces of information about a visitor’s computer including their IP address, city of residence and Flash Player version, if any.

How to Defend Against RIG, Capesand and Others

Security professionals can help their organizations defend against RIG, Capesand and other exploit kits by using security information and event management (SIEM) data to learn the context of services affected by certain software vulnerabilities. As part of a larger comprehensive vulnerability management program, companies should also prioritize vulnerabilities so they can create a patching schedule that aligns with their organization’s needs and risks.

More from

Cybersecurity crisis communication: What to do

4 min read - Cybersecurity experts tell organizations that the question is not if they will become the target of a cyberattack but when. Often, the focus of response preparedness is on the technical aspects — how to stop the breach from continuing, recovering data and getting the business back online. While these tasks are critical, many organizations overlook a key part of response preparedness: crisis communication.Because a brand’s reputation often takes a significant hit, a cyberattack can significantly affect the company’s future success…

Brands are changing cybersecurity strategies due to AI threats

3 min read -  Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges.The study was conducted…

39% of MSPs report major setbacks when adapting to advanced security technologies

4 min read - SOPHOS, a leading global provider of managed security solutions, has recently released its annual MSP Perspectives report for 2024. This most recent report provides insights from 350 different managed service providers (MSPs) across the United States, United Kingdom, Germany and Australia on modern cybersecurity tools solutions. It also documents newly discovered risks and challenges in the industry.Among the many findings of this most recent report, one of the most concerning trends is the difficulties MSPs face when adapting their service…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today