Pawn Storm Targets Gov Agencies Through Adobe Flash

By   ISBuzz Team
Writer , Information Security Buzz | Oct 26, 2015 10:00 pm PST

Attackers are exploiting a previously unknown vulnerability in fully patched versions of Adobe’s Flash Player so they can surreptitiously install malware on end users’ computers, security researchers warned. So far, the attacks are known to target only government agencies as part of a long-running espionage campaign carried out by a group known as Pawn Storm. Adobe expects to release a fix next week. Ken Westin, security analyst for Tripwire have the following comments on it.

[su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst for Tripwire :

“This latest vulnerability gives us an idea as to the level of sophistication of the Pawn Storm group.

It is not known if the vulnerability was discovered and exploited by the group, or purchased from a third party. At this time they have been the only group exploiting this 0-day vulnerability.

Although the use of a 0-day exploit is a sign of a well resourced and skilled adversary, the attack vector used in this campaign relies on phishing campaigns that specifically target the Ministries of Foreign Affairs.

There is currently no patch available for this vulnerability, however a fix is expected within the next week. Once the new patch hits it will only be a matter of time before public exploits targeting this vulnerability become more widespread. Organizations should quickly identify and catalog vulnerable systems now so they can respond quickly when the patch becomes available.

All organizations should not have Flash, or any browser plugins, installed on critical assets.

Flash should always be disabled uninstalled on systems that do not require it for a legitimate business purpose. Of course, as soon as the patch is available all vulnerable systems should be updated immediately.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire logoTripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]