Cisco has disrupted the spread of the harmful malvertising and ransomware campaigns that are generated by the notorious Angler Exploit Kit.
The Angler Exploit Kit is one of the most advanced and concerning exploit kit in the market which includes small programmes that take advantage of flaws in web browsers and other software.
However, the buyers of the kit have to find their own way to reach their targets which is usually done through hacking and then by installing ransomware or other types of malware into a targeted computer.
Cisco’s Talos security unit discovered that proxy servers used by Angler were located on the servers of service provider Limestone Networks in Dallas, Texas.
According to Cisco, the kit has helped hackers targeting up to 90,000 victims a day, generating more than $30M annually.
After the discovery, Limestone Networks pulled the plug on the servers and provided Cisco with the insight on how Angler worked.
The research effort also involved Level 3 Communications, which allowed Cisco to copy the authentication protocols the Angler criminals use for their interaction with their prey.
By knowing the protocols security companies will be able to cut off infected computers easily, Cisco said.
After making the discovery Cisco said that it started updating products to stop redirects to the Angler proxy servers.
Cisco also released snort rules to detect and block checks from the health checks, published communications mechanisms including protocols to help other protect themselves and their clients.
Cisco said that it will also be publishing IoCs so that defenders will be able to analyse their own network activity and block access to remaining servers.
