Malicious ActiveX-embedded documents are distributed via phishing emails.
Recently, a new zero-day vulnerability was found in Adobe Flash, and hackers have already successfully exploited it to take control of Windows computers. Cybersecurity experts have revealed that the exploit involves malicious ActiveX-embedded documents that cybercriminals distribute through phishing emails.
The newly discovered vulnerability was classified as critical and was identified as CVE-2018-15982.
First, the victims receive the phishing e-mail and open the infected document, and then the ActiveX plug-in instructs Adobe Flash to execute the code on the attacked computer. Next, the hackers exploit the new zero-day vulnerability to gain command-line access to the attacked system, and then download and run another payload.
Adobe's new critical zero-day vulnerability, as well as the attacks exploiting it, was discovered by Gigamon Applied Threat Research's cybersecurity specialists. The company reported its findings to Adobe on November 29, 2018.
So far, it has become clear that CVE-2018-15982 is the vulnerability exploited through the Microsoft Office document, and that the exploit embedded in the document works on both 32-bit and 64-bit systems. It was also found that the hackers' document containing the maliciously crafted Flash object was submitted to VirusTotal from a Ukrainian IP address.
Cybersecurity experts have noticed that the pattern of this attack closely resembles the methods of Hacking Team, the well-known Italian hacker-for-hire company that is known for offering its services to authoritarian governments.
"At best, it could aid the victim's organization in determining intent and guiding response actions, but in reality, whether it is Hacking Team, an impersonator, or completely unrelated, the fact remains a valid zero-day might have been used to perform targeted exploitation against a victim," Gigamon's cybersecurity experts said.
"Although the death of Flash has been widely reported thanks to industry efforts to deprecate and remove Flash from web browsers, vectors such as Microsoft Office remain able to load and execute Flash content," Gigamon added.
Ways we can help ourselves
AMATAS cybersecurity experts advise that if you have delayed updating your desktop Adobe Flash Player application, you do so immediately.
In addition, browsers like Google Chrome, Internet Explorer, and Edge still include and use Adobe Flash Player, so they also need to be updated as quickly as possible.
On December 5, 2018, Adobe released security patches to fix the new critical zero-day CVE-2018-15982 and another flaw in the Adobe Flash Player installer.
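Alongside patching, a mail gateway or triage script can check attachments for the delivery vector described above. The following is an added example, not code from the original article or from Gigamon: it lists the parts of an OOXML document (.docx, .xlsx, .pptx) that declare the Shockwave Flash ActiveX control. The function names and the sample documents are constructed for illustration, and legacy binary .doc and RTF files are not covered.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control that Office loads for embedded SWF.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
CLASSID_RE = re.compile(rb'classid\s*=\s*"\{?([0-9A-Fa-f-]{36})\}?"')
MAX_PART_SIZE = 1_000_000  # control declarations are tiny; skip oversized parts


def find_flash_activex(doc_bytes):
    """Return the OOXML part names that declare the Flash ActiveX control."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(doc_bytes))
    except zipfile.BadZipFile:
        return hits  # not a zip container, so not OOXML
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            # ActiveX declarations live in <app>/activeX/activeXN.xml
            if "/activex/" not in name or not name.endswith(".xml"):
                continue
            if info.file_size > MAX_PART_SIZE:
                continue
            for match in CLASSID_RE.finditer(archive.read(info)):
                # CLSIDs are case-insensitive; normalise before comparing
                if match.group(1).decode().upper() == FLASH_CLSID:
                    hits.append(info.filename)
                    break
    return sorted(hits)


def build_sample(classid):
    """Constructed sample: a minimal zip with one ActiveX declaration part."""
    part = ('<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
            'ax:classid="{%s}" ax:persistence="persistStorage"/>' % classid)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<w:document/>")
        archive.writestr("word/activeX/activeX1.xml", part)
    return buf.getvalue()


if __name__ == "__main__":
    flash_doc = build_sample("D27CDB6E-AE6D-11cf-96B8-444553540000")
    other_doc = build_sample("00000000-0000-0000-0000-000000000001")  # constructed CLSID
    print("flash sample:", find_flash_activex(flash_doc))
    print("other sample:", find_flash_activex(other_doc))
```

A hit means the document asks Office to instantiate Flash and should be quarantined for analysis; it does not by itself show that the embedded Flash object is malicious.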
Updates that corporations build and issue are critical to the security of your personal and business devices, information, and financial resources. Remember that hackers most often succeed in compromising their victims' safety because of software and hardware vulnerabilities. If you have any doubts as to whether your business is safe in this respect, you can always contact cybersecurity experts, who can use security assessment services to check whether you are at risk of hacker attacks or of theft of information or funds.