One Article Review

Article:
Source AlienVault Blog
Identifier 2137
Publication date 2016-05-27 15:13:00 (seen: 2016-05-27 15:13:00)
Title How Attackers Use a Flash Exploit to Distribute Crimeware and Other Malware
Text

Background

Adobe Flash is multimedia software that runs on more than 1 billion systems worldwide. Its long list of security vulnerabilities and huge market presence make it a ‘target-rich environment’ for attackers to exploit. According to Recorded Future, from January 1, 2015 to September 30, 2015, Adobe Flash Player comprised eight of the top 10 vulnerabilities leveraged by exploit kits.

Here is an illustration of just how quickly bad actors can deploy an exploit:

May 8, 2016: FireEye discovers a new exploit targeting an unknown vulnerability in Flash and reports it to Adobe.
May 10, 2016: Adobe announces a new critical vulnerability (CVE-2016-4117) that affects Windows, Macintosh, Linux, and Chrome OS.
May 12, 2016: Adobe issues a patch for the new vulnerability (APSB16-15).
May 25, 2016: Malwarebytes Labs documents a 'malvertising' gang using this exploit to compromise your system by distributing malware via well-known websites while avoiding detection.

The Malwarebytes blog is a good read, as it provides several examples of how sophisticated malware distribution schemes have become. For example, it breaks down the malicious elements of a rogue advertising banner that the Flash exploit allows attackers to use to push out malware. Among other things, it runs a series of checks to see if the targeted system is running packet analyzers and security technology, to ensure that it only directs legitimate vulnerable systems to the Angler Exploit Kit.

“The ‘dirty’ version of an ad banner showing its real intent” Source: Malwarebytes

Impact on you

With over 1 billion systems running Adobe Flash, it is likely that one or more systems under your control are vulnerable to this exploit. Fortunately, there is a fix to patch the vulnerability. Unfortunately, according to Adobe, it takes 6 weeks for more than 400 million systems to update to a new version of Flash Player. Six weeks (or however long it takes you to patch Flash) is a long time to be at risk of being compromised by ransomware via the Angler EK.

How AlienVault Helps

The AlienVault Labs team performs the threat research that most IT teams simply don’t have the expertise, time, budget, or tools to do themselves on the latest threats, and how to detect and respond to them. The Labs team regularly updates the rulesets that drive the threat detection, prioritization, and response capabilities of the AlienVault Unified Security Management (USM) platform, to keep you up to date with new and evolving threats.

The AlienVault Labs
Sent Yes
Tags
Stories
Notes ★★★★


The article does not appear to have been picked up again after its publication.


The article does not appear to have been picked up from an earlier one.