The formidable AdGholas malvertising threat group is now believed to be linked to the recent ransomware attack on University College London. The malvertising group, which used its Astrum Exploit Kit to distribute the Mole ransomware, appears to be moving away from its traditional theatre of operations in banking malware in favour of dishing up large helpings of ransomware.
Researchers suggest that, while exploit kit activity has declined over the past eighteen months, ‘zero-click-required’ campaigns are growing to fill the space. A vulnerable PC now merely needs to visit a page displaying a malicious ad to be infected with the hacker’s malware, without the user clicking on anything. A similar recent incident involved a no-click PowerPoint campaign.
While UCL has announced that all services are now back to normal, the attack highlights the vulnerability of universities to hacking due to the large amount of valuable intellectual property they hold, the sheer number of interconnected devices and networks, and the large number of people using them.