Global Malvertising Campaign Blamed For UCL Ransomware Attack

Security researchers at Proofpoint believe the ransomware attack which caused disruption at University College London (UCL) last week could have been spread by a malvertising campaign.

Proofpoint researcher Kafeine has pointed the finger at the AdGholas hacking group for the attack on UCL and a number of other UK universities, carried out via malware-infused online ads that infected the PC of any user who visited a compromised website.

The malvertising apparently appeared on several high-profile websites, in a move away from the group’s traditional focus on banking Trojans.

Malicious ads

Through the discovery of the command and control (C&C) IP address, Proofpoint’s research found that hackers used the Astrum exploit kit to deliver the Mole ransomware.

This host had previously been used in malvertising campaigns in several other countries – including Australia, Canada, Italy and Switzerland – before also appearing in Japan, Taiwan, and the United States.

“The level of complexity of this particular infection chain suggests a higher-than-average level of sophistication on the part of the threat actors,” said Kevin Epstein, VP of Proofpoint’s Threat Operations Center.

“If the malicious payload in this case hadn’t been ransomware, which is obviously much more visible to users than the banking Trojans these threat actors normally distribute, the victims might never have known they were infected.

“It isn’t necessary to click on an ad in a modern malvertising attack; a user on a targeted, vulnerable PC only needs to visit a page displaying a malicious ad to be infected with the payload of the threat actor’s choice.”

UCL is not the only educational institute to have been targeted by some kind of cyber attack, as cyber security within the sector continues to grow in prominence.

Another high-profile incident occurred in March when a US college was hit by a 54-hour long attack by a variation of the Mirai botnet, which famously took down some of the world’s biggest sites in 2016.

Quiz: Do you know all about security in 2016?

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

5 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

6 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

7 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

9 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

12 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

12 hours ago