infoTECH Feature

October 23, 2014

Vulnerability Shows How Quickly Cybercriminals Act to Deploy Exploit Kit

Adobe was notified recently of a vulnerability in its Flash Player that would enable cybercriminals to install malware on a PC. Although Adobe addressed the issue and issued a patch for it, security analysts found soon after that the vulnerability was being exploited using a tool known as Fiesta.

The vulnerability was originally discovered by the Zero Day Initiative (ZDI), a program set up by TippingPoint, which develops software security and is owned by Hewlett-Packard. ZDI has a database that allows researchers to access and contribute information about security vulnerabilities and related issues. The vulnerability was designated CVE-2014-0569 by the National Vulnerability Database, a centralized repository of vulnerabilities maintained by the U.S. government.

Researchers can register for ZDI by providing nothing more than an email address, user name and password, although ZDI encourages referral information. ZDI accepts researchers worldwide except from Cuba, Iran, North Korea, Sudan or Syria. It has a program that pays rewards for researchers who provide vulnerability reports and meet ZDI’s terms and conditions.

ZDI discovered the vulnerability in Adobe’s Flash Player back in September and secretly notified Adobe about the problem. On October 14, Adobe issued an advisory about the vulnerability, advising all users to upgrade to the latest version of Flash Player. On October 21, a researcher with the online name Kafeine discovered that the Fiesta kit was exploiting CVE-2014-0569 only a week after it had been made public.

According to Lucian Constantin, a Romanian correspondent for IDG News Service who covers security issues, it is highly unusual for an exploit to be ‘in the wild’ so quickly. Fiesta is a commercial exploit kit distributed through underground channels and typically used in mass ‘drive-by’ attacks.

These exploits typically take more than a week to construct. Since this exploit was built so soon after Adobe went public, it’s conceivable that it came from a highly savvy attacker, who got leaked information in the time between ZDI’s discovery of the vulnerability and the time Adobe issued the security bulletin.

As Constantin pointed out, regardless of the exploit’s source, users should install the latest updates posthaste. The biggest lesson learned from this incident is that cybercriminals are acting faster than before. While it’s easy for individuals to upgrade quickly, larger enterprises will have a harder time doing the same. This could affect company policies on how security patches are installed in the future.




Edited by Stefania Viscusi