Phishing Attacks on Feds Tied to Hacking Team Zero-Day

The Adobe Flash nightmare isnEUt over yet. No, not by a long shot. Now, it seems hackers are working to break into federal agencies using a recently patched Flash vulnerability.

Adobe released an emergency update to fix a critical flaw in its Flash Player browser plugin last week. The vulnerability is actively exploited in the wild via limited, targeted attacks. Internet Explorer for Windows 7, Firefox and Windows XP users are vulnerable.

The FBI issued a warning in a memo. "The FBI has received information regarding a likely ongoing phishing campaign that started 08 July 2015 and was observed targeting U.S. government agencies. This campaign is similar to a June campaign launched by similar malicious actors. In both campaigns, the e-mails contain a link that exploits Adobe Flash vulnerability CVE-2015-5119."

A Dangerous Internet

We caught up with Clinton Karr, senior security strategist at endpoint security firm Bromium, to get his thoughts on the ongoing danger. He told us this Adobe Flash zero-day illustrates why Internet content is so untrustworthy: attacks can be committed through the browser, through scripting languages and even through extensions.

EUIt's a greenfield for hackers with no end in sight if the status quo for protection doesn't change,EU Karr said. EUNow that the exploit has been discovered, most security and operations teams are scrambling to do one of two things -- race to deploy the newest patch before hackers can leverage the exploit for an attack. Or test the patch to make sure it integrates with legacy systems.EU

This latest zero-day, as well as others before it, could have been isolated in the first place. Only by isolating the threat are security and ops teams granted the grace period needed to test and deploy these critical patches, he said.

Adobe Victimized

This Adobe flaw, and two others, were made public after...

Comments are closed.