Menu
New attacks suggest leeway for patching Flash Player is shrinking

New attacks suggest leeway for patching Flash Player is shrinking

It took one week from Adobe's fix to mass exploitation for a recent Flash Player flaw

Cybercriminals are exploiting newly patched vulnerabilities faster, a sign that users and companies need to improve their software updating habits.

Researchers from both Malwarebytes and FireEye reported Thursday that drive-by download attacks using the Nuclear Exploit Kit target a vulnerability that was patched last week in Flash Player.

The flaw, which is tracked as CVE-2015-0336, was fixed by Adobe on March 12. It affects all Flash Player versions older than 17.0.0.134 on Windows and Mac, 11.2.202.451 on Linux and 13.0.0.277 ESR (extended support release).

The latest attacks are launched from hacked websites and attempt to install a Trojan program. The cybercriminal group behind the attacks is known as EITest and has distributed an online banking Trojan called Tinba in the past, according to researchers from Malwarebytes.

Exploit kits like Nuclear are attack platforms that incorporate exploits for multiple vulnerabilities in browsers and browser plug-ins like Flash Player, Adobe Reader, Java or Silverlight. They're rented out to multiple cybercriminal groups who then use them in mass attacks.

Earlier this year, two other exploits kits, called Angler and Hanjuan, exploited vulnerabilities in Flash Player that hadn't even been patched by Adobe at the time -- these are known as zero-day vulnerabilities. However, such incidents are rare.

For one, zero-day flaws are valuable commodities on the black market and are generally used in targeted attacks that are meant to fly under the radar for longer periods of time. It doesn't make sense, financially, to incorporate an expensive zero-day exploit into a mass attack tool, because it will be detected and rendered useless fairly quickly.

With few exceptions, exploit kits have historically targeted known and patched vulnerabilities, aiming to infect users who don't frequently update their software. In fact, most of the current exploit kits still incorporate exploits from as far back as 2010, just because they continue to be reliable and have a decent success rate.

However, the short one-week period it took attackers to develop a reliable exploit for CVE-2015-0336 and integrate it into Nuclear EK, could signal a dangerous trend.

Adobe has made significant efforts to keep the Flash Player installed base up to date by having the plug-in automatically updated under Google Chrome and Internet Explorer on Windows 8.x and by offering an automatic update option inside the program. Despite these actions, many users, especially companies, are still falling behind on updates.

In business environments software patches need to be tested first to ensure they don't break established workflows, so automatic updates are typically disabled. IT departments generally deploy updates according to predetermined schedules that are often more than one week apart.

"Such systems should ideally be sandboxed from the rest of the network or be running anti-exploit software designed to block known and unknown exploits," security researchers from Malwarebytes said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags patchessecurityFireEyepatch managementMalwarebytesExploits / vulnerabilitiesmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments