The malicious threat group Magniber has recently been exploiting two newly identified Internet Explorer vulnerabilities to attack users' devices and encrypt them. The flaws are tracked as CVE-2021-40444 and CVE-2021-26411, and both have a CVSS v3 severity score of 8.8.
CVE-2021-40444 is a remote code execution flaw in Internet Explorer's engine, triggered by opening an infected document. Unfortunately, the malicious threat actor exploited CVE-2021-40444 as a zero-day before Microsoft patched it last September. CVE-2021-26411, on the other hand, was patched in March this year; it is a memory corruption flaw that the hackers trigger when a victim views a maliciously modified website.
Magniber's decision to aim its malvertising at Internet Explorer was well calculated.
The vicious Magniber gang has a reputation for exploiting vulnerabilities to breach systems and deploy its ransomware. Last August, Magniber was seen exploiting a vulnerability to infiltrate Windows servers, an issue that took Microsoft a tremendous amount of time to remedy.
Magniber's latest activity focuses on exploiting Internet Explorer flaws through malvertising that pushes exploit kits.
Researchers believe that Magniber may have targeted the Internet Explorer vulnerabilities because they are easy to trigger. The attack relies on stimulating the visitor's curiosity enough to open the malicious ad or web page.
It may seem strange that the threat actors are targeting this old and rarely used web browser, but researchers think it is an easy way to bait the small population of Internet Explorer users. Moreover, Firefox and Chrome are both heavily guarded, since many people use these browsers every day. Since its introduction to the hacking world, Magniber ransomware has kept developing over the years, and its malware has been rewritten three times over the course of its successful intrusions.
Magniber remains uncracked, so no decryptor is available to restore encrypted files. The group behind this ransomware is not the kind of threat actor that steals files and extorts targets; its attacks are mainly for file encryption only. The public should always keep backups of their files on secured and isolated systems to counter this specific threat effectively.