Number: IRCNE2015062555
Date: 2015/06/29
According to “computerworlduk”, just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly short time frame users have to deploy patches.
On Saturday, a malware researcher known online as Kafeine spotted a drive-by download attack carried out with the Magnitude exploit kit, which was exploiting a Flash Player vulnerability patched on Tuesday.
The flaw, tracked as CVE-2015-3113 in the Common Vulnerabilities and Exposures database, had zero-day status - that is, it was previously unpatched - when Adobe released a patch for it. It had already been exploited by a China-based cyberespionage group for several weeks in targeted attacks against organisations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.
It is not unusual to see zero-day exploits for Flash Player and other popular applications being used in highly targeted cyberespionage attacks. That's because the goal of the attackers behind them is to compromise organisations that sometimes have sophisticated defenses and to remain undetected for as long as possible.
On the other hand, while zero-day exploits have been used in more indiscriminate, large-scale attacks, such incidents are rare. That's because zero-day vulnerabilities are extremely valuable and it doesn't make financial sense for attackers to burn them in noisy campaigns where they'll be very quickly discovered and patched.
The new Magnitude attacks that exploit CVE-2015-3113, if successful, install the Cryptowall ransomware.