It is now urgent to patch any machines in your network that run Adobe Flash Player. Why? An exploit kit called Magnitude now uses a recently patched Flash zero-day vulnerability. An emergency out-of-band update for Flash was released on June 23rd.
French researcher Kafeine reported that a sample he encountered was dropping two instances of Cryptowall ransomware on any Windows 7 computer running Internet Explorer 11. Cryptowall is a strain of ransomware that encrypts files on a victim’s computer and demands a ransom, generally paid in Bitcoin. The FBI last week said that consumers have reported losses of more than $18 million related to infections caused by this leading strain of ransomware.
Flash vulnerabilities are a favorite attack vector for criminal hackers and nation-state groups because of the player’s ubiquity, especially on Windows machines. These groups are moving quickly in developing exploits for patched vulnerabilities; Kafeine said it took only four days for this one to show up in Magnitude, for example.
Now that criminals have absorbed the exploits into Magnitude, they expect to turn a profit against unpatched machines by infecting them with Cryptowall, fast becoming one of the most prolific crypto-ransomware tools in use.
Close to three weeks ago, the SANS Institute warned that it was observing a spike in Angler Exploit Kit traffic containing Cryptowall 3.0 ransomware. The same group, SANS said, could also have been behind a simultaneous spam campaign pushing the same version. Version 3.0 encrypts files stored on a compromised computer and demands a ransom, usually $500 payable in Bitcoin, in exchange for the encryption key. The malware uses numerous channels to communicate and send stolen traffic to its keepers, including I2P and Tor anonymity networks.
With this ransomware explosion, new-school security awareness training, which combines web-based on-demand training by a social engineering expert with frequent simulated phishing attacks, is a must these days to protect your organization against these kinds of attacks.
- See more at Threatpost