Hackers going Nuclear following Blackhole takedown
Researchers report alarming increase in exploit kit use
Hackers are leveraging the Nuclear exploit kit to launch a fresh wave of attacks using compromised webpages on a number of popular websites, including Facebook, according to researchers at Zscaler.
Zscaler ThreatLabz researcher Rubin Azad reported uncovering the campaign in a blog post, claiming the firm spotted the trend after detecting an alarming spike in exploitation attempts on its customers.
"We have seen an increasing number of compromised sites and scam pages leading to Nuclear Exploit Kit [EK] in past three months," he said.
"Some of the notable compromised sites during this timeframe that were redirecting to Nuclear EK includes: SocialBlade.com – a YouTube statistics tracking site – AskMen.com [and] Facebook.com [via] survey scam pages."
Azad told V3 the attacks attempt to use vulnerabilities in numerous popular programmes to infect victims' systems.
"Nowadays Nuclear EK is picking up the pace in the Exploit Kit market. We see lots of Nuclear EK traffic which gets blocked before our customers get infected," he said.
"This particular exploit kit makes use of most of the common file types such as PDF, Flash, Java, Windows executables etc. and exploits the end user."
Zscaler director of security research Deepen Desai said the rise in Nuclear exploit kit use is likely a response by the cyber crime community to law enforcement agencies' work combating the Blackhole exploit kit.
In October 2013, Russian police arrested a man who goes by the name Paunch and is believed to be the Blackhole exploit kit's author. Security researchers have since reported that use of the Blackhole exploit kit has radically dropped.
Desai said the gap left by Blackhole means Nuclear is now one of the top five most dangerous exploit kits in the wild and called for web users and businesses to be extra vigilant.
"Nuclear Exploit Kit, in our opinion, is one of the top five most prevalent cyber crime exploit kits in the wild at the moment," he said.
"Zscaler advises users to be extremely vigilant when clicking on URLs in emails from untrusted sources. It is also extremely important to apply latest software security updates when they become available to avert such exploitation attempts."
Blackhole is one of many cyber criminal operations targeted by law enforcement over the last year. The FBI arrested Ross William Ulbricht, the founder of the Silk Road cyber black market, in October.