Adobe Flash Player stays a target for cybercriminals

It is an overstatement to even consider the Flash Player already dead, as exploiters are targeting potential victims that have an unpatched version of the Flash Player. As opposed to mourning its death, you should get patching.

The intelligence company Recorded Future issued a statement that Adobe Flash Player has an increased popularity among crimeware kits, 6 out of the top 10 liabilities being preferred by cybernetic attacks that concern it. The top is completed by various versions of Windows OS, Internet Explorer and Silverlight. These statistics were found after a year-long period whilst looking at approximately 141 exploits.

These exploit kits aid the cybercriminals with running and then managing an attack with no programming experience needed. All they have to do is provide a large payload. It comes in all forms but it’s generally encountered as a banking Trojan, a ransomware sample or a spam bot. Providing that you pay for the software that could range from 50$ a day to 4000$ a month for a Neutrino kit.

To provide information about the victim’s software, installed plugins and browser it is only necessary to have a kit installed and it is enough to figure which weak points can be taken advantage of. A method that is not so hard to use that tackles a confusion flaw, namely CVE-2015-7645 has made its appearance in seven exploit kits and it was made famous by Pawn Storm, a Russia –financed espionage group. It targets Flash on all operating systems, which makes it to be regarded as one of the most popular error to use with these kits.

A lot of the exploit kits became powerless versus system running more secure versions of Flash but with no use as they targeted attack mitigation features that were embedded into Flash by Adobe’s joint efforts with Google’s Project Zero. This got them right back in the action of resorting systems to failure, getting them right back in business.

A report stated that the weakness was fixed by Adobe rather quickly but with no use, because the multitude of operating systems has kept it in its place. Reported Future highlighted the same vulnerability and regarded it as the “method confusion”. They said at that respective moment that patching the software can significantly lower the risk of getting cyberattacked.

Leave a Comment