This malware tool is still successfully exploiting Internet Explorer vulnerabilities

Audio player loading…

The notorious exploit-as-a-service RIG Exploit Kit, targeting users of the positively ancient, vulnerability-ridden web browser Internet Explorer, is still going strong, experts have warned.

Per a report (opens in new tab) by security research firm Prodaft, installs of the kit are attempting around 2,000 intrusions a day, and succeeding 30% of the time, allowing it to spread infostealers and other forms of malware to users in over 207 countries.

Despite warning against the rise of cybercrime-as-a-service in 2022’s Microsoft Digital Defence Report, and RIG being known to also distribute ransomware, millions of users (mostly in enterprise) just won’t stop using Windows Explorer, having apparently no regard for data privacy.

Update your browser, please God

Internet Explorer has been old news since around 2015, when the now Chromium-based Edge was put into development, and completely depreciated since August 2021

And in February 2023, Microsoft announced that it’s finally getting around to scrubbing every last bit of it from existence, such an embarrassment it is in this day and age, and making you use Edge anyway (although you can still do a lot better).

We keep writing about it, and we keep getting emails from burgeoning violent criminals swearing at us over why we bother doling out security posture advice for businesses at all. (Hugs and kisses to all our readership, even if they’ve fled an institution. xox)

But, do you know what, we’re going to do it again: buy new laptops running Windows 11, and enjoy all the advancements in UI that have come on in the last 28 years, you wanton maniac.

And then maybe you won’t have to keep a straight face in front of IT when threat actors known only as “Bean Meme Gang” steal the private medical records of a million people, and we could write about something else.

Via BleepingComputer (opens in new tab)

Source

Be the first to comment

Leave a Reply

Your email address will not be published.


*


four × four =