Experts were right – IE zero-day attacks are escalating
Attacks exploiting an unpatched Internet Explorer flaw continue to rise, as researchers uncovered campaigns involving a compromised government website and an unnamed financial institution.
Experts predicted attacks would increase in frequency since exploit code was made publicly available last month, and FireEye said it has seen at least three separate hacker groups using the vulnerability.
The so-called DeputyDog campaign using the vulnerability was detailed last month, targeting Japanese organisations.
Fresh research has uncovered an actor known as Web2Crew, who was responsible for an attempt on a financial body, using the flaw to get the PoisonIvy malware on the target’s machines. PoisonIvy is traditionally used in advanced attacks designed to pilfer information and spy on victims, rather than earn money.
Another hacker group compromised the Taiwanese government website to serve up an exploit of the flaw, dropping the Taidoor malware.
A malicious actor called th3bug was seen exploiting the flaw in multiple attacks, dropping the PoisonIvy malware.
Whilst these attacks are advanced persistent threats (APTs), which typically target government bodies and large private businesses, FireEye expects exploits of the Internet Explorer zero-day to filter down the food chain.
“We expect that CVE-2013-3893 will continue to be handed down to additional APT campaigns and may eventually find its way into the cyber crime underground,” the security firm said in a blog post.
“ It is not uncommon for zero-day exploits to be handed down to additional APT campaigns after they have already been used.”
Meanwhile, the Internet Explorer exploit has been added to the Metasploit framework, meaning hackers, ethical or no, can easily use it.
Microsoft’s temporary fix can be found here.
How much do you know about information security? Try our quiz and find out!