A critical security hole recently found in Adobe Flash, known as a zero-day vulnerability because it was previously undiscovered, is being exploited by cyber criminals after Adobe released a rush fix.
The Adobe Flash plugin vulnerability, known to have been used by the infamous “Clandestine Wolf” hacker group, was originally spotted by researchers at security firm FireEye, who last week detected a number of phishing messages using it to target businesses in the aerospace, defence, construction, technology, and telecoms industries.
The attacks leveraged the Flash flaw to steal data from the victim machines and move laterally through company networks.
While serious, the flaw’s scope was originally viewed as quite limited, as it was only being used by the group “Clandestine Wolf” and Adobe released a fix.
Clandestine Wolf, which in the past has been called APT3 and Clandestine Fox, is a hacker group that has targeted numerous government departments and businesses across the world over the last year.
Since then, the Flash flaw’s potential for harm has grown as independent security researcher “MalwareDontNeedCoffee” has seen various groups begin targeting it using the Magnitude exploit kit.
“Patched four days ago with Flash 220.127.116.11, the CVE-2015-3113 has been spotted as a zero-day by FireEye, exploited in limited targeted attacks. It’s now making its path to Exploit Kits,” he wrote in a threat advisory.
Exploit kits are attack tools commonly traded on underground online black markets that let criminals, who may not have strong computer skills, mount cyber attacks.
The rapid addition of the Adobe flaw to exploit kits has caused concern within the security community, with many feeling most businesses will not have had time to install the Adobe fix.
Jérôme Segura, Malwarebytes’ senior security researcher, said in a blog post that he expects to see more exploit kits add functionality for the flaw and equally serious Flash bugs to appear in the very near future.
“We can expect other exploit kits to follow suit very soon and start delivering this latest vulnerability,” Segura wrote.
“Without a doubt, this is the year of Flash zero-days and many are already suggesting to take drastic measures such as completely uninstalling the plugin.”
Flash is commonly viewed as one of the most insecure pieces of software by security professionals and has been targeted by numerous state and criminal hacking groups.
FireEye uncovered another targeted attack campaign, codenamed “RussianDoll”, that used Adobe Flash vulnerabilities in a series of attacks in April.
Prior to it, Adobe was forced to patch three zero-day vulnerabilities in January and February, one of which was similarly targeted by the Angler exploit kit.