Adobe Flash Player 220.127.116.11 and earlier for pretty much everything that matters is vulnerable to attack – and is being attacked by “limited, targeted” attacks in the wild according to OSINT. While it’s only been confirmed for use in targeted attacks this is very bad news for the rest of the world. Neutrino Waves Exploit Kit (EK) aggressively deploys new Flash based exploits to maximize success in deployment of payloads like CryptXXX ransomware. This includes the new .crypz encrypting malware that few have heard about in the past few weeks as actors have moved from Angler to Neutrino Waves. At least two major campaigns are moving in this direction, ElTest and psuedo-Darkleech. The patch for this came out on June 16th, a few days ago, more than enough time for mature Russian eCrime actors to reverse the patch and develop an exploit. While nobody has reported this CVE in an EK yet it’s only a matter of time.
Ask yourself this – how long will it be before Flash is updated within your organization? If you have prioritized Flash updates – and emergency procedures accordingly – you should as it’s arguably the number one third party opportunistic remote attacker based threat in the world today. That means your employees can be doing their normal day job and get hit with network aware encrypting malware that will relentlessly crawl through your network wreaking havoc attempting to extort thousands of dollars from you. Is it worth it to not proactively protect against the Flash vector of exploitation that is highly likely in this situation? In a world where real encryption – robust encryption is used in ransomware – you must focus on proactive measures before disaster strikes.