One of the web’s most notorious methods for infecting devices with malware has been curtailed by security researchers at Cisco Systems.
The Angler Exploit Kit has proven hugely popular amongst attackers over the past twelve months, with analysts claiming that it has been successfully used to infect up to 40 per cent of the devices it has targeted.
However, investigators at Cisco’s Talos security unit recently discovered that half of the infected computers were connecting to servers located in Dallas, Texas, hired by the attackers using stolen credit cards. Cisco informed the cloud provider, Limestone Networks, that some of its servers were being put to malicious use, and they were immediately shut down. They also received server data, which has proved valuable for identifying how the Angler Exploit operates.
Cisco has been able to copy the authentication protocols used by the attackers, which will enable security firms to block infected computers. "It's going to be really damaging to the attacker's network," explained Craig Williams, manager of the Talos unit.
Once a computer has been infected by an exploit kit, attackers can install any programs they wish, including ransomware, which has proven an extremely lucrative approach for cybercriminals. It is estimated that the attackers using Limestone’s servers may have made $30 million in a single year.
Attackers often use malicious adverts, fake websites or spam emails in order to infect computers, but this has become more challenging following Cisco’s investigation. Already the number of reported Angler infections has fallen significantly.