Last Tuesday Adobe Systems released a patch for the Flash Player vulnerability CVE-2015-3113. However, just four days later a malware researcher who goes by Kafeine spotted the Magnitude exploit kit being used in a drive-by download attack exploiting the vulnerability.
The flaw is tracked in the Common Vulnerabilities and Exposures database as CVE-2015-3113. It turns out that CVE-2015-3113 had zero-day status and had been targeted for several weeks by a China-based cyberespionage group before the patch was released. These attacks were targeted against organisations in a broad range of industries, from aerospace, defence and technology to construction, transportation, engineering and telecommunications. The goal of the attackers is to compromise sophisticated defence systems and to remain undetected for as long as possible, so it is not uncommon for Flash Player and other popular applications to be targeted in zero-day exploits.
Despite this, incidents of non-selective, widespread attacks using zero-day exploits are uncommon, predominantly because of the value of zero-day vulnerabilities to attackers. Financially it is not sensible to use them in such brash campaigns, as this draws attention to the vulnerability and makes it more likely to be discovered and patched quickly.
Instead, exploit kit operators usually prefer to integrate exploits for already patched vulnerabilities, working on the principle that many users will not install patches quickly enough. The creators of these exploit kits, however, are dramatically reducing the time they need to incorporate an exploit. As such, users are left with a much shorter window in which to deploy a patch before the exploit is integrated. In the case of the CVE-2015-3113 vulnerability this was only 4 days. This causes issues for organisations that typically install updates on schedules often separated by more than a week.
Another Flash Player exploit was incorporated earlier this year by the Nuclear EK exploit kit, a mere week after the patch was released. A decreasing trend in patch window size is emerging.
Currently the Magnitude attacks on the CVE-2015-3113 vulnerability install the Cryptowall ransomware if successful, but this could be changed at any time by the attackers.