Hackers Actively Exploiting Latest Adobe Flash Hole
On Monday, Adobe warned that attackers are actively exploiting a remote code execution vulnerability in Flash Player, including the plug-in versions that run inside Web browsers.
Researchers at security firm Kaspersky Lab discovered the zero-day, designated CVE-2017-11292, and observed it being used against enterprises and government organizations. As of Monday, known targets included specific individuals (some of them politicians) in Iraq, Afghanistan, Russia, Iran and the United Kingdom, as well as other countries in Africa and the Middle East.
In response, Adobe has released a Flash Player security update, already distributed through Google Chrome, Microsoft Edge and Internet Explorer, and the company urges users to update both the browser plug-in and the standalone desktop versions of Flash as soon as possible.
Kaspersky's researchers also attributed the attacks to BlackOasis, the same group they had connected to another zero-day exploit reported in September.
The group is known for exploiting Flash vulnerabilities to deliver FinSpy, a commercially available surveillance tool. Kaspersky Lab also argues that this tool is now being used in large campaigns by nation states.
"In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets," wrote Kaspersky in a blog post on Monday. "BlackOasis is a significant exception to this – using it against a wide range of targets across the world. This appears to suggest that FinSpy is now fuelling global intelligence operations, with one country using it against another. Companies developing surveillance software such as FinSpy make this arms race possible."
Once FinSpy is installed, whether through this week's Flash vulnerability or another delivery mechanism, infected systems connect to command-and-control servers in Switzerland, the Netherlands and Bulgaria, to which collected data is exfiltrated.
Beyond Adobe's advice to update Flash, Kaspersky recommends that enterprises use the kill bit to disable Flash entirely on systems where it is not needed, keep all security software up to date, and conduct regular security assessments of their IT infrastructure. The kill bit is a Windows registry setting that stops Internet Explorer (and other hosts that honor it) from loading a given ActiveX control; it does not affect the Flash plug-in bundled with Chrome or loaded by other browsers, which must be disabled through their own settings or policies.
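As an added example (not from the article, Kaspersky or Adobe), the script below sets and then verifies the Internet Explorer kill bit for the Shockwave Flash ActiveX control. It assumes the well-known Flash control CLSID `{D27CDB6E-AE6D-11cf-96B8-444553540000}` and Microsoft's documented "ActiveX Compatibility" registry layout, where a `Compatibility Flags` value of `0x400` marks a control as killed; the function names `Set-FlashKillBit` and `Test-FlashKillBit` are illustrative. Run it from an elevated PowerShell prompt.

```powershell
# Added example: set the IE "kill bit" for the Shockwave Flash ActiveX control.
# Assumptions: the Flash control CLSID below and Microsoft's ActiveX Compatibility
# key layout (Compatibility Flags DWORD, 0x400 = kill bit). Requires an elevated shell.

$FlashClsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}'   # Shockwave Flash Object
$KillBit    = 0x400

# 32-bit IE processes on 64-bit Windows read the Wow6432Node view of the key,
# so both views are set there; 32-bit Windows has only the native key.
$CompatKeys = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid")
if ([Environment]::Is64BitOperatingSystem) {
    $CompatKeys += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$FlashClsid"
}

function Set-FlashKillBit {
    foreach ($key in $CompatKeys) {
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # Keep any flags already present and OR in the kill bit rather than overwriting.
        $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$existing) -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

function Test-FlashKillBit {
    # Returns $true only if every applicable key carries the kill bit.
    $allSet = $true
    foreach ($key in $CompatKeys) {
        $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        $set = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        Write-Host ("{0} : {1}" -f $key, $(if ($set) { 'kill bit set' } else { 'kill bit NOT set' }))
        if (-not $set) { $allSet = $false }
    }
    return $allSet
}

Set-FlashKillBit
Test-FlashKillBit
```

The verification step matters because the kill bit only works if the 32-bit view is set as well; a 64-bit-only entry leaves the default 32-bit IE process free to load Flash. The kill bit covers ActiveX hosts only, so for Chrome-bundled Flash a browser policy (for example Chrome's `DefaultPluginsSetting`) is the equivalent control, and for Firefox the plug-in must be disabled in its own add-on settings.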