Do you know what Fallout Exploit Kit is?
Cyber attackers do not stand still, and the vicious Fallout Exploit Kit proves it. This exploit kit was instrumental in terrorizing Windows users all over the world last year, and although the kit seemed to be inactive around the turn of the New Year, the attackers have regrouped and appear to be in full attack mode again. They have added functionality to the kit, and it is now spreading a wider variety of malicious infections. Furthermore, additional security vulnerabilities have been employed to help with the successful proliferation of malware. Without a doubt, it is time to reevaluate this dangerous exploit kit and what it could bring upon careless Windows users.
The infamous Fallout Exploit Kit first gained wider attention when it was found pushing GandCrab Ransomware, the SmokeLoader Trojan, and a few other, less significant malicious infections. It was used mostly in Japan, South Korea, and other Asian countries, as well as the Middle East and Europe. The exploit kit initially used the CVE-2018-8174 and CVE-2018-4878 vulnerabilities, with the exploits embedded in its landing pages. The first one is a Windows VBScript engine vulnerability that was patched in May 2018, and the second one is an Adobe Flash vulnerability patched in February 2018. It is no surprise that the attackers have decided to add a new vulnerability. After all, once the operating system is updated, the vulnerabilities are patched, and that means that fewer victims can be targeted. Most recently, the creators of the Fallout Exploit Kit have employed CVE-2018-15982, a Flash Player vulnerability, which has been linked to the Underminer exploit kit as well.
In the past, Fallout Exploit Kit would attempt to exploit the CVE-2018-8174 vulnerability, and if that was not possible, it would move on to CVE-2018-4878. It is likely that the exploit kit works in the same way now, and that it attempts to exploit these two vulnerabilities before moving on to checking for CVE-2018-15982, which was officially patched in December 2018. Once in action, it generates shellcode to retrieve an encrypted malicious payload, which the kit decrypts and executes instantly. A Trojan might also be downloaded to check for security systems. If any are found, the attack should be stopped. The kit itself appears to be distributed with the help of malvertising (malicious advertising) campaigns delivered via such malvertising networks as HookAds, Popcash, RevenueHits, or TrafficShop. Therefore, besides updating their operating systems, Windows users also need to be extremely cautious about the security of their browsers and how they surf the web.
At the time of research, Fallout Exploit Kit was being used for the proliferation of GandCrab Ransomware, GlobeImposter Ransomware, Kraken Cryptor Ransomware, SAVEfiles Ransomware, malicious Trojans, potentially unwanted programs, and other kinds of malware. If these threats slither in, they can be used to encrypt users’ files, blackmail them into paying huge ransoms, steal sensitive information, perform identity theft, etc. Without a doubt, it is crucial to protect oneself against this kind of malware. First and foremost, if you do not want to encounter Fallout Exploit Kit and the malware it spreads, you MUST install all security updates to patch existing vulnerabilities. Do NOT skip updates. Second, install security software to protect your operating system. Finally, be cautious while surfing the web to evade malvertising campaigns, malware landing pages, and malware payloads.
In non-techie terms:
The Fallout Exploit Kit is a devious instrument that cyber criminals are using for the successful proliferation of all kinds of malware. At the moment, this exploit kit is mostly used for the distribution of ransomware and Trojans, but we have witnessed how flexible it can be. New malvertising campaigns can be set up, new vulnerabilities can be exploited, and new threats can be spread. Since the infections that Fallout Exploit Kit appears to spread are particularly dangerous, all Windows users need to exercise caution. If you have any updates waiting, download them immediately. Do not skip or postpone updates in the future. Download reliable anti-malware software to help you protect the operating system. If any threats have found their way onto your operating system already, the software will scan it and warn you about the threats that require removal. Most importantly, remember to be cautious. Avoid unreliable websites, ignore suspicious ads/pop-ups, and monitor traffic for any suspicious activity.