The Cosmos Bank website was compromised with the infamous RIG exploit kit, which was delivering ‘Cerber Ransomware’. As a result, all visitors to the website are being automatically infected. Cosmos Bank was established in 1906. Headquartered in Pune, it is hailed as one of the oldest Urban Co-operative Banks in India.
Cosmos Bank was informed about this security breach as of March 20, 2017, but no action has been taken. As of today, the website is still infected with the exploit kit, and however curious you may be to open the website, we strongly recommend that you don’t. Your system may get hacked by dangerous ransomware.
References: Cosmos Bank’s Website Compromised by ‘Cerber Ransomware’: Quick Heal Report | Cosmos Bank Website Compromised with RIG Exploit Kit Which Drops Cerber Ransomware | Cosmos Bank’s Website Compromised With RIG Exploit Kit; Cerber Ransomware Infects Website Visitors!
A zero-day vulnerability patched earlier this month by Microsoft has been under attack since last summer, researchers said. The flaw was exploited in the AdGholas malvertising campaign and was then implemented in the Neutrino exploit kit. Microsoft fixed a boatload of vulnerabilities with the March patch updates, including three flaws already undergoing exploitation.
The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message. The attacker could also detect the type of security software running on the targeted system, especially solutions that analyze malware.
References: CVE-2017-0022 Deployed in AdGholas Malvertising and Neutrino EK | Security Update for Microsoft XML Core Services | Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability
*IP addresses provided by Recorded Future.