Internet Explorer is still causing trouble, even from the grave
The Magniber ransomware group has begun exploiting patched vulnerabilities in Internet Explorer
Although the end-of-life date for Internet Explorer is fast approaching, the Magniber ransomware gang has begun exploiting two patched vulnerabilities in Microsoft's legacy browser to launch attacks on unsuspecting users.
According to a new report from Bleeping Computer, the group has begun exploiting Internet Explorer vulnerabilities using malvertising that pushes exploit kits to businesses operating in Asia.
Magniber started in 2017 as the successor to another ransomware strain called Cerber, and the group initially only targeted users in South Korea. Since then, the ransomware gang has expanded the scope of its operations to infect systems in China, Taiwan, Hong Kong, Singapore and Malaysia.
The Internet Explorer vulnerabilities being exploited in Magniber's latest round of cyberattacks are tracked as CVE-2021-26411 and CVE-2021-40444 and both vulnerabilities have a high CVSS score of 8.8.
The first vulnerability is a memory corruption flaw triggered by viewing a specially crafted website; Microsoft patched it back in March of this year. The second vulnerability enables remote code execution in Internet Explorer's rendering engine when a malicious document is opened, and it was also patched by the software giant back in September.
Shifting tactics
Magniber has long used vulnerabilities to breach systems and deploy its ransomware. Back in August, the group was observed exploiting PrintNightmare vulnerabilities to breach Windows servers and these flaws took Microsoft a bit more time to fix due to how they impacted users' ability to print documents.
A possible explanation for Magniber's shift to vulnerabilities in Internet Explorer is that Microsoft has mostly fixed the PrintNightmare vulnerabilities, which were heavily covered by the media, leading admins to deploy the necessary patches and security updates. The Internet Explorer vulnerabilities now being used by the group are also easy to trigger, as they only require a potential victim to open a file or webpage.
While most organizations and individuals have switched to using modern browsers like Google Chrome and Microsoft Edge, 1.15 percent of page views worldwide still come from Internet Explorer, according to StatCounter.
As the Magniber ransomware is still in active development and its payload has been completely rewritten three times, those concerned about falling victim to this latest round of attacks from the group should stop using Internet Explorer and switch to another browser that uses auto-updates ASAP.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.