RIG Exploit Kit Reaches All-Time High Success Rate

February 27, 2023

The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational history. By exploiting relatively old Internet Explorer vulnerabilities, such as CVE-2016-0189, CVE-2019-0752, CVE-2020-0674, and CVE-2021-26411, RIG EK has been seen distributing various malware families, including Dridex, SmokeLoader, and RaccoonStealer. According to a detailed report by Prodaft, whose researchers gained access to the service's backend web panel, the exploit kit remains a significant large-scale threat to individuals and organizations.

RIG EK primarily pushes information-stealing and initial access malware, with Dridex being the most common (34%), followed by SmokeLoader (26%), RaccoonStealer (20%), Zloader (2.5%), Truebot (1.8%), and IcedID (1.4%). As a Prodaft researcher stated, “The RIG administrator had taken additional manual configuration steps to ensure that the malware was distributed smoothly. Considering all these facts, we assess with high confidence that the developer of Dridex malware has a close relationship with the RIG's admins.”

The exploit kit is a set of malicious JavaScript scripts embedded in compromised or malicious websites by the threat actors, which are then promoted through malvertising. When a user visits these sites, the malicious scripts will be executed and attempt to exploit various vulnerabilities in the browser to install malware on the device automatically. CISA published an active exploitation alert for CVE-2019-0752 in February 2022, warning system administrators the vulnerability is still being exploited and to apply available security updates.
