Flash, Arghh

 In ITC's Threat of the Week

It most certainly isn’t the first time, and probably won’t be the last before its can’t-come-soon-enough death date (2020), that we bring you some exciting news about yet another serious vulnerability in the gift that keeps on giving, Flash.

“Oh no, not again?” we hear you groan. “Oh yes!” we groan back.

This particularly nasty critter is so bad that Adobe has issued an emergency out-of-band patch. It has been given the CVE number CVE-2018-5002 and, unlike many other Flash exploits, is being seen in the wild. Whoops.

The attack is being delivered using Microsoft Office documents arriving inside the usual tempting email. The documents themselves load Flash content, which performs the exploit and loads the malware onto the unsuspecting user’s machine.

The very clever chaps, chapesses etc. at Qihoo 360 have done a fantastic job of unpacking the exploit. Not for the faint of heart, but well worth a gander.

If you are still running Flash, we seriously advise you to dig a hole, make it kneel on the edge and shoot it in the back of the head. If you absolutely must run it, make sure you are on version 30.0.0.113. Attacks are currently being reported in the Middle East, as if they need any more grief, but are expected to spread rapidly. You have been warned.

If you did us the honour of reading the missive from a few weeks ago, you will recall that it was all about a scary piece of nasty code which infects home routers and Internet of Ting Tings. Imaginatively named VPNFilter by the lads, lasses etc. of Cisco’s Talos (brilliant) Threat Intelligence unit, this multi-purpose rascal is capable of sniffing packets, monitoring SCADA protocols, bricking an infected device and, of course, being used as part of a DDoS attack.

Bad news, then, that VPNFilter turns out to be a whole lot worse than was first feared. Not only is it now capable of infecting an ever-growing number of vendors’ devices, but it is feared that the 500,000 discovered infections represent a dry run for a forthcoming main event.

Given that the primary aim of VPNFilter appears to be to strip high-value details (e.g. bank account details) from traffic passing through the infected router and send them to the lair of the evil genius (Mwahahaha), it would be a really good idea to check the firmware version of your home devices and, if you can, upgrade and reboot. All of you technically minded types may want to think about doing this for your less able relatives. Father’s Day is coming.

If you want to read a really decent summary of VPNFilter, look no further than this, brought to you by the lovely men, women etc. of El Reg.

If you would like to discuss VPNFilter, need help killing Flash or have any other cyber concerns, our crack team awaits you. Contact us at: [email protected] or call 020 7517 3900.

Author: Kevin Whelan
