RIG Exploit Kit Now Includes Windows Double Kill Exploit Code

The RIG exploit kit, used on compromised and malicious websites to silently download malware, has been upgraded with a new exploit. Windows Double Kill exploit code has been added to exploit the CVE-2018-8174 vulnerability – a remote code execution vulnerability that was addressed by Microsoft on May 2018 Patch Tuesday.

To protect against exploitation of this vulnerability, Windows users should ensure they have applied the latest round of patches, although many businesses have been slow to update their Windows devices, leaving them vulnerable to attack.

The vulnerability is in the VBScript engine and how it handles objects in the memory. If the vulnerability is exploited, attackers would gain the same level of privileges as the current user, could reallocate memory, gain read/write access, and potentially remotely execute code on a vulnerable device. The vulnerability has been named ‘Double Kill’ and affects all Windows versions.

The Windows Double Kill vulnerability was being actively exploited in the wild when Microsoft released the update on Patch Tuesday. Initially, exploitation of the vulnerability was achieved through phishing campaigns using RTF documents containing a malicious OLE object. If activated, an HTML page was downloaded and rendered through an Internet Explorer library and the VBScript flaw was exploited to download a malicious payload. The attack could also be conducted via a malicious website. In the case of the latter, it does not matter what browser the user has set as default – on unpatched systems the IE exploit could still work.

The Windows Double Kill exploit code was posted online this week and it didn’t take long for it to be incorporated into the RIG exploit kit. End users could be directed to the RIG exploit kit through phishing campaigns, malvertising, web redirects, or potentially could visit malicious sites through general web browsing. In addition to the Windows Double Kill exploit, the RIG exploit kit contains many other exploits for a wide range of vulnerabilities. Any individual that lands on a URL with the kit installed could be vulnerable even if the latest Windows patch has already been applied.

The threat from email-based attacks is also likely to grow. The Double Kill exploit code has also been incorporated into the ThreadKit exploit builder, which is used to create malicious Office documents for use in phishing attacks.

Protecting systems against these types of attacks requires prompt patching, although many organizations are slow to apply updates out of fear of compatibility problems, which could cause performance issues. Consequently, prior to applying patches they need to be fully tested and that can take time. During that time, organizations will be vulnerable to attack.

A web filter – such as WebTitan – provides an additional level of protection while patches are assessed for compatibility. WebTitan provides protection against exploit kits and malware downloads by preventing end users from visiting known malicious sites, either through general web browsing, redirects, or via hyperlinks contacted in phishing emails.

TitanHQ Integrates its Web Filtering Platform into Kaseya’s IT Complete Suite

Managed Service Providers (MSPs) now have the option of providing an additional layer of security to their clients to protect against web-based cyberattacks now that TitanHQ’s powerful 100% cloud-based web filtering solution, WebTitan, has been incorporated into the Kaseya IT Complete suite.

The Kaseya technology alliance partner (TAP) program is highly regarded and brings together some of the world’s leading providers of IT solutions for MSPs, including Bitdefender, Cisco, and Dell.

The Kaseya IT Complete platform provides MSPs with easy access to a wide range of managed service-ready software, including cybersecurity, cloud management, endpoint management, network management, identity & access management, and disaster & recovery services. The platform makes it easy for MSPs to expand the services they provide to their clients and deliver invaluable solutions quickly and efficiently.

The platform has been developed to help MSPs increase revenue by providing profitable new services, automate the delivery of those services, and add more value by exceeding SLAs. The ease at which the solutions can be delivered saves MSPs valuable time, allowing them to free up staff to work on strategic projects.

MSPs have access to a wide range of cybersecurity solutions through the platform, but one notable gap was an easy to deploy web filtering solution. The addition of WebTitan to the Kaseya platform allows MSPs to add another layer of security to better protect their clients from web-based threats and malware and ransomware downloads. Being DNS-based, the solution can be quickly deployed with no need for any software downloads, hardware purchases, or site visits and can be deployed and configured in a matter of minutes.

The integration of WebTitan into the Kaseya IT Complete platform was completed in time for the Kaseya Connect conference, which is taking place this week in Las Vegas, Nevada. The event will be attended by some of the top MSPs from around the world.

“Kaseya is a partner we have admired for a long time and I’m delighted to announce this integration,” said Ronan Kavanagh, CEO of TitanHQ. “With over 10 million endpoints under their management it represents a massive opportunity for our business. We look forward to working with Kaseya’s MSP partners and adding our personal touch and renowned focus on great customer support.”

Adding WebTitan to our open ecosystem of partner solutions means our customers now have even greater access to best of breed technologies to meet the needs of their business. With growing concerns over malware, ransomware and phishing as key threats to MSP customers, WebTitan adds a highly effective layer of protection,” said Frank Tisellano, Jr., vice president product management and design.