Malicious exploits continue to plague unprotected systems. Here are some recent cases.
According to a report by McAfee, the Flash exploit was first seen in targeted attacks. It arrives as a Microsoft Excel file with an embedded Flash object. When the user opens the workbook, the Flash object contacts a remote server and requests a key; once the key arrives, it is used to decode and load a second embedded Flash file, which is the actual exploit.
On February 22, 2018, Morphisec Labs discovered several malicious Word documents exploiting this latest vulnerability in a “massive malspam campaign.”
Victims received emails containing short links, generated with the Google URL Shortener, to the malicious website. Once a victim downloads and opens the Word document, the attack exploits the Flash vulnerability and spawns cmd.exe; malicious shellcode is then injected into that process and connects back to the attacker's domain. The shellcode downloads a DLL named “m.db” from the same domain and executes it with the Windows regsvr32 utility in order to bypass security controls. As a result, victims unknowingly hand control of their systems to the attacker.
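As an added illustration (not code from the original post, McAfee or Morphisec), the following Python detection logic looks for the process chain just described in Sysmon-style process-creation events: an Office application spawning a shell, and regsvr32 loading a file that is not a .dll or that sits in the user's Temp directory, escalated when an Office process is in the ancestry. The log format, host name, paths and PIDs are constructed for the example; a real deployment would key on process GUIDs rather than PIDs, which can be reused.

```python
"""Detect the Word -> cmd.exe -> regsvr32 chain over Sysmon-style
process-creation events (added example; every log line is constructed)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample log, one process-creation event per line.
SAMPLE_LOG = r'''
2018-02-22T10:14:01Z host=WS01 pid=3988 ppid=1200 image="C:\Windows\explorer.exe" cmdline="C:\Windows\explorer.exe"
2018-02-22T10:15:03Z host=WS01 pid=4120 ppid=3988 image="C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" cmdline="WINWORD.EXE /n C:\Users\alice\Downloads\invoice.docx"
2018-02-22T10:15:09Z host=WS01 pid=4508 ppid=4120 image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe"
2018-02-22T10:15:12Z host=WS01 pid=4611 ppid=4508 image="C:\Windows\System32\regsvr32.exe" cmdline="regsvr32.exe /s C:\Users\alice\AppData\Local\Temp\m.db"
2018-02-22T10:20:40Z host=WS01 pid=5000 ppid=900 image="C:\Windows\System32\regsvr32.exe" cmdline="regsvr32.exe /s C:\ProgramData\Vendor\plugin.dll"
2018-02-22T10:21:02Z host=WS01 pid=5100 ppid=3988 image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c dir"
'''

LINE_RE = re.compile(
    r'(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) '
    r'image="(?P<image>[^"]*)" cmdline="(?P<cmdline>[^"]*)"'
)

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
ALLOWED_REGSVR32_EXT = {"dll", "ocx", "ax"}   # what regsvr32 legitimately registers


@dataclass
class ProcEvent:
    ts: str
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> Optional[ProcEvent]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ProcEvent(m["ts"], m["host"], int(m["pid"]), int(m["ppid"]),
                     m["image"], m["cmdline"])


def ancestry(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[str]:
    """Image names from the process up to the oldest ancestor in the log.
    Assumes no PID reuse within the window (real tooling uses process GUIDs)."""
    chain, cur, seen = [basename(ev.image)], ev, {ev.pid}
    while cur.ppid in by_pid and cur.ppid not in seen:
        cur = by_pid[cur.ppid]
        seen.add(cur.pid)
        chain.append(basename(cur.image))
    return chain


def regsvr32_reasons(cmdline: str) -> List[str]:
    """Why a regsvr32 command line looks suspicious; empty list means benign."""
    reasons = []
    for tok in cmdline.split()[1:]:
        if tok.startswith("/"):
            if tok.lower().startswith("/i:http"):
                reasons.append(f"scriptlet fetched over HTTP: {tok}")
            continue
        name = basename(tok)
        ext = name.rsplit(".", 1)[1] if "." in name else ""
        if ext not in ALLOWED_REGSVR32_EXT:
            reasons.append(f"non-DLL extension '.{ext}': {tok}")
        if "\\appdata\\local\\temp\\" in tok.lower():
            reasons.append(f"loaded from user temp dir: {tok}")
    return reasons


def detect(log_text: str) -> List[dict]:
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    by_pid = {e.pid: e for e in events}
    alerts = []
    for ev in events:
        chain = ancestry(ev, by_pid)
        name = chain[0]
        if name in SHELLS and len(chain) > 1 and chain[1] in OFFICE_APPS:
            alerts.append({"rule": "office_spawned_shell", "pid": ev.pid,
                           "chain": chain, "severity": "medium",
                           "reasons": [f"{chain[1]} spawned {name}"]})
        elif name == "regsvr32.exe":
            reasons = regsvr32_reasons(ev.cmdline)
            if reasons:
                # A non-DLL load by regsvr32 is odd on its own; with Office
                # upstream it matches the malspam chain and is escalated.
                sev = "high" if any(p in OFFICE_APPS for p in chain) else "medium"
                alerts.append({"rule": "regsvr32_suspicious_load", "pid": ev.pid,
                               "chain": chain, "severity": sev, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["severity"].upper(), a["rule"], "pid", a["pid"],
              " <- ".join(a["chain"]), "|", "; ".join(a["reasons"]))
```

Run as-is it reports two alerts from the constructed log: the cmd.exe spawned by WINWORD.EXE, and the regsvr32 load of m.db from the Temp directory with Office in its ancestry; the vendor plugin.dll registration and the user's own cmd.exe under explorer.exe stay quiet.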
Adobe released a patch for this vulnerability in early February, but some companies take longer to deploy it, and cybercriminals keep developing new methods to exploit known flaws in the meantime.
According to Morphisec's analysis, the infected documents had a very low detection rate on VirusTotal: only 1 of 67 engines flagged them.
How do organizations prevent or minimize zero-day attacks on their computer systems?
1. Patching vulnerable software regularly can stop most attackers and considerably reduce risk.
Most zero-days are discovered soon after they start being used with any frequency; they are reported to the software vendor, which then issues a patch, while antimalware vendors add detections for the exploit.
Major undiscovered zero-days may be worth anywhere from tens of thousands to over $100,000 USD, and once discovered a zero-day's value may drop to zero. Attackers therefore typically “stay low” with a zero-day, using it sparingly in targeted attacks, because they know that once it is noticed it will be patched as quickly as possible.
2. Typically, patch management guides recommend that critical patches be applied within one week of their release.
According to René Gielen, Vice President of Apache Struts, “Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years.”
For example, in 2017 Equifax reported a cybersecurity breach that compromised the personal information of as many as 143 million Americans. According to Bas van Schaik, a product manager and researcher at Semmle, a security analytics firm, Equifax had known about the vulnerability since March 2017, and clear and simple instructions had been provided to remedy it. Van Schaik says, “The fact that Equifax was subsequently attacked in May means that Equifax did not follow that advice. Had they done so, this breach would not have occurred.”
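To turn the one-week guidance and the months-long Equifax timeline into a repeatable check, here is an added Python example (not code from Netswitch, Semmle, Apache or any vendor) that compares an asset inventory against an advisory's fixed releases, branch by branch, and reports how many days each vulnerable install has been exposed and whether the patching SLA has been breached. The component name "webfw", its version numbers, the advisory date, the SLA table and the host names are all constructed for the example.

```python
"""Patch-SLA compliance check (added example; advisory, assets and dates are
constructed and do not describe any real product)."""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple

# Maximum days a component may stay unpatched after an advisory is published
# (constructed policy; "critical" follows the one-week guidance in the text).
SLA_DAYS: Dict[str, int] = {"critical": 7, "high": 30, "medium": 90}


@dataclass(frozen=True)
class Advisory:
    component: str
    severity: str
    published: date
    fixed_in: Tuple[str, ...]   # one fixed release per maintained branch


@dataclass(frozen=True)
class Asset:
    host: str
    component: str
    version: str


def parse_version(v: str) -> Tuple[int, ...]:
    """'2.5.10.1' -> (2, 5, 10, 1); a trailing tag such as '-rc1' is ignored."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable(version: str, adv: Advisory) -> bool:
    """Compare against the fix on the same major.minor branch. A version on a
    branch with no fix listed (e.g. end-of-life) counts as vulnerable when it
    is older than the oldest fix, since it never received the patch."""
    inst = parse_version(version)
    fixes = [parse_version(f) for f in adv.fixed_in]
    same_branch = [f for f in fixes if f[:2] == inst[:2]]
    if same_branch:
        return inst < same_branch[0]
    return inst < min(fixes)


def deadline(adv: Advisory) -> date:
    return adv.published + timedelta(days=SLA_DAYS[adv.severity])


def compliance_report(assets: List[Asset], advisories: List[Advisory],
                      today: date) -> List[dict]:
    findings = []
    for asset in assets:
        for adv in advisories:
            if adv.component != asset.component or not is_vulnerable(asset.version, adv):
                continue
            findings.append({
                "host": asset.host,
                "component": asset.component,
                "version": asset.version,
                "fixed_in": adv.fixed_in,
                "days_exposed": (today - adv.published).days,
                "deadline": deadline(adv),
                "sla_breached": today > deadline(adv),
            })
    return findings


# Constructed data: hypothetical framework "webfw" with fixes on two branches.
ADVISORIES = [Advisory("webfw", "critical", date(2018, 3, 7), ("2.3.32", "2.5.11"))]
ASSETS = [
    Asset("web01", "webfw", "2.3.30"),   # 2.3 branch, behind the fix
    Asset("web02", "webfw", "2.3.32"),   # exactly the fixed release
    Asset("web03", "webfw", "2.5.10"),   # 2.5 branch, behind the fix
    Asset("web04", "webfw", "2.5.12"),   # newer than the fix
    Asset("api01", "webfw", "2.1.5"),    # unsupported branch, no fix listed
]


def run_sample(today_iso: str = "2018-05-13") -> List[dict]:
    """Evaluate the constructed inventory as of the given ISO date."""
    return compliance_report(ASSETS, ADVISORIES, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for f in run_sample():
        flag = "BREACH" if f["sla_breached"] else "ok"
        print(f"{flag:6} {f['host']} {f['component']} {f['version']} "
              f"exposed {f['days_exposed']}d, deadline was {f['deadline']}")
```

Evaluated on the constructed inventory as of 2018-05-13, the report lists web01, web03 and api01 as still vulnerable 67 days after the advisory, each well past the 2018-03-14 deadline; the same inventory checked on 2018-03-10 shows the same three hosts as vulnerable but still inside the SLA window, which is the report a team wants to see before the deadline rather than after it.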
Cybercriminals quickly adopted the Flash vulnerability and launched a massive malspam campaign, and the VirusTotal result above shows that their documents slipped past nearly every antivirus scanner.
As technology continues to evolve, so will the methods of attacks that these criminals use.
Netswitch offers solutions that help your organization develop an effective cybersecurity strategy to counter these attacks and keep company data from being compromised. Our security experts can assist you in patching your systems regularly.
Contact us today to schedule a consultation.
Tip of the Week:
Having antivirus software is no longer good enough
Relying on antivirus software alone to protect your company's systems is no longer adequate. Such programs help, but only up to a point, particularly against Trojans, ransomware, spyware, adware, worms, browser hijackers, rootkits, backdoors and keyloggers.
This is a Security Bloggers Network syndicated blog post authored by Press Release. Read the original post at: News and Views – Netswitch Technology Management