Attackers have reportedly been targeting federal agencies with a recently patched Adobe Flash Player vulnerability. The FBI has warned that it “has received information regarding a likely ongoing phishing campaign that started 08 July 2015 and was observed targeting U.S. government agencies.”
Security experts at Tripwire comment on the campaign below:
Enter Tim Erlin, Director of Security and Product Management at Tripwire: “It’s hardly a secret that large organizations, especially in government, have difficulty rapidly deploying software patches. With that information, it makes sense that a new vulnerability would be employed in just this manner. There’s an opportunity for cybercriminals here, and they’re taking advantage of it.
Organizations should take this opportunity to examine their processes around rapid identification and deployment of patches. Less obvious, but possibly more important, is an organization’s ability to understand their attack surface and manage the configuration of their devices. The response to a newly published zero-day doesn’t have to start with a patch. Organizations could and should respond with a variety of mitigation steps before the patch is available.”
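One concrete form of the “know your attack surface, then mitigate before the patch lands” advice above, as an added example that is not from the original page or from Tripwire: a small triage script that reads an inventory export and sorts hosts by whether Flash Player is present at all and whether the installed build predates the fixed one. The CSV layout, the host names and the inventory rows are constructed for illustration; the patched build is a caller-supplied parameter, and the 18.0.0.203 used in the demo run is the Windows/Mac build from Adobe’s July 2015 bulletin for this issue, to be verified against the vendor bulletin before use.

```python
"""Triage an asset inventory against the first patched Flash Player build.

Added example for this page; it is not Tripwire's or the FBI's tooling.
Assumptions: a hypothetical "host,product,version" CSV export from whatever
inventory or configuration-management tool is in use, and the patched build
passed in by the caller (take it from Adobe's security bulletin for the CVE).
"""
import csv
import io
from typing import Dict, List, Tuple

# Constructed sample inventory, not real data. An empty version means the
# product was not found on that host.
SAMPLE_INVENTORY = """host,product,version
ws-001,Adobe Flash Player,18.0.0.194
ws-002,Adobe Flash Player,18.0.0.203
ws-003,Adobe Flash Player,9.0.0.289
ws-004,Adobe Flash Player,
ws-005,Adobe Flash Player,17.0.0.190
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '18.0.0.194' into (18, 0, 0, 194) so builds compare numerically.

    Comparing version strings lexically is a classic mistake:
    '9.0.0.289' > '18.0.0.203' as strings, although it is a far older build.
    """
    parts = text.strip().split(".")
    if not all(part.isdigit() for part in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in parts)


def is_vulnerable(installed: str, patched: str) -> bool:
    """True when the installed build predates the first patched build.

    Shorter version strings are zero-padded, so '18.0.0' is treated as
    18.0.0.0 rather than being compared by tuple length.
    """
    a, b = parse_version(installed), parse_version(patched)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def triage(inventory_csv: str, patched: str) -> Dict[str, List[str]]:
    """Bucket hosts into vulnerable / patched / absent for the given product.

    'vulnerable' is the list to hand to patch deployment and, until the patch
    lands there, the list of hosts needing interim mitigation (disable or
    click-to-play the plugin, tighten egress, watch for the lure).
    'absent' hosts carry no Flash attack surface for this CVE at all.
    """
    buckets: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "absent": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = (row.get("version") or "").strip()
        if not version:
            buckets["absent"].append(row["host"])
        elif is_vulnerable(version, patched):
            buckets["vulnerable"].append(row["host"])
        else:
            buckets["patched"].append(row["host"])
    return buckets


if __name__ == "__main__":
    # 18.0.0.203 is the Windows/Mac build Adobe listed as fixed in its July
    # 2015 bulletin; verify against the vendor bulletin before relying on it.
    for bucket, hosts in triage(SAMPLE_INVENTORY, "18.0.0.203").items():
        print(f"{bucket:10s} {', '.join(hosts) or '-'}")
```

The numeric comparison is the part worth copying: a lexical check would report the 9.x build on ws-003 as newer than the fix, and that is exactly the machine an attacker would be happiest to find.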
Enter Ken Westin, Senior Security Analyst at Tripwire: “Normally, accessing personal email from a work computer would seem like a low-risk activity. However, we currently have a perfect storm where a number of zero-day vulnerabilities and exploits have been released to the wild that are actively being used by both criminals and nation-state actors in targeted attacks. The FBI just recently issued an advisory regarding an active campaign that was using a Flash zero-day (CVE-2015-5119) targeting government agencies. It is with this increased risk that accessing personal email becomes a greater risk, especially if the attackers know these personal emails, which is not difficult information to gather. DHS can block and monitor suspicious emails that come into agency-controlled email accounts; however, they have limited ability to block personal emails and any malicious links that users may click, which in this case can lead to system compromise.”