SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
12 Apr 2016

The latest Flash zero-day was used to spread Cerber ransomware

The latest zero-day vulnerability in Adobe Systems' Flash player has been used over the past two weeks to distribute ransomware called Cerber, email security vendor Proofpoint said.

Adobe said it would patch the flaw, CVE-2016-1019, on Thursday. The vulnerability affects all versions of Flash Player on Windows, Mac, Linux and Chrome OS.

Ryan Kalember, senior vice president of cybersecurity at Proofpoint, said his company detected an attack trying to exploit the flaw on Saturday. One of Proofpoint's customers received an email with a document that contained a malicious macro that led victims through a series of redirects that eventually reached an exploit kit. Exploit kits are software packages planted on domains that hunt for software vulnerabilities on a computer in order to deliver malware. If a victim lands on a page and has a software flaw in Flash, for example, the malware is quietly installed.

The exploit kits using the zero-day Flash vulnerability are known as Magnitude and Nuclear Pack, Kalember said. It's believed just one cybercriminal group is behind Magnitude. "They've been doing ransomware for some time," he said. "They were doing Cryptowall for a while, then they moved to Teslacrypt and now they're on Cerber."

Proofpoint was surprised to see a zero-day vulnerability used to distribute ransomware. Zero-day vulnerabilities are flaws that are actively being used in attacks and are unpatched by a vendor. Such vulnerabilities have a high price in underground markets since it is almost guaranteed that a victim will be compromised.

"The very fact it is being used in ransomware is indicative of just how far ransomware has come since it's clearly profitable enough to use a very, very interesting vulnerability and exploit rather than selling to the highest bidder," Kalember said. The attackers, however, took an interesting step that was perhaps intended to delay security researchers.

Kalember said the Flash exploit was engineered to only infect Flash Player versions 20.0.0.306 and earlier. That conflicts with Adobe's version of events. In its advisory on Tuesday, Adobe said a mitigation introduced in Flash Player version 21.0.0.182 prevents exploitation of the vulnerability. Kalember said the vulnerability actually affects all versions of Flash. The attackers, he said, just engineered the exploit so that it only targeted older versions of Flash, a technique known as degradation.

"It's not Adobe that has mitigated that," he said. "It's the malware authors themselves." Other exploit kits including Angler have also degraded some of their attacks, Kalember said.

Cerber is a relatively new type of ransomware that emerged in the last month. Curiously, it will not infect computers that are in Russia or ex-Soviet countries, Kalember said.

Ransomware has become one of the most acute problems on the Internet. The malware encrypts most files on a victim's computer. The decryption keys are only obtainable by paying a ransom, which is usually requested in bitcoin.

Tags: Adobe, information leaks, Flash Player

Source: Computerworld