The FBI has issued a warning about hackers employing a phishing campaign using a recently patched Flash vulnerability. Federal Agencies have been a primary target. Internet Explorer for Windows 7, Firefox and Windows XP users are all at risk.
Tim Erlin, Director of IT Security and Risk Strategy at Tripwire says hackers will take advantage of the Flash vulnerability because they know it takes organizations awhile to apply the patch. This would normally be a run of the mill phishing attack, but Ken Westin, Security Analyst for Tripwire says it is a perfect storm that could lead to a system compromise.
Tim Erlin, Director of IT Security and Risk Strategy at Tripwire :
“It’s hardly a secret that large organizations, especially in government, have difficultly rapidly deploying software patches. With that information, it makes sense that a new vulnerability would be employed in just this manner. There’s an opportunity for cybercriminals here, and they’re taking advantage of it.
Organizations should take this opportunity to examine their processes around rapid identification and deployment of patches. Less obvious, but possibly more important, is an organization’s ability to understand their attack surface and manage the configuration of their devices. The response to a newly published zero-day doesn’t have to start with a patch. Organizations could and should respond with a variety of mitigation steps before the patch is available.
Ken Westin, Security Analyst for Tripwire :
“Normally accessing personal email from a work computer would seem like a low risk activity. However, we currently have a perfect storm where a number of zero day vulnerabilities and exploits have been released to the wild that are actively being used by both criminals and nation-state actors in targeted attacks. The FBI just recently issued an advisory regarding an active campaign that was using a Flash zero day (CVE-2015-5119) targeting government agencies. It is with this increased risk where accessing personal email becomes a greater risk, especially if the attackers know these personal emails, which is not difficult information to gather. DHS can block and monitor suspicious emails that come into agency controlled email accounts, however they have limited ability to block personal emails and any malicious links that they may click, which in this case can lead to system compromise.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.