I like a good party as much as anyone – but not when it’s about attackers partying down with my computers. If you’ve neglected to apply the October patches released by Adobe for their Flash Player, that’s just what might happen to you.
The Fiesta exploit kit is “old news.” Cisco warned about it back in January of this year, when CSO Levi Gundert discovered that it had been used to attack 300 or more companies in just the previous month. The Fiesta exploit pack that he described was using Java and Microsoft Silverlight to initiate drive-by attacks against a number of businesses. Now experts are warning us that Fiesta can use a vulnerability in Flash Player to do its dirty work.
An exploit kit, a.k.a. exploit pack, is a hacker tool that’s made available publicly, either free or for sale, and enables would-be hackers who don’t have the requisite technical skills to easily launch automated attacks. In fact, exploit kits are believed to be behind the vast majority of all malware infestations. Since the kit comes with all the code you need to exploit known vulnerabilities in common software products, it can be used by people who have no programming expertise. Although many refer to these bad guys as “hackers,” that’s really inaccurate because that appellation implies someone with advanced coding ability.
Adobe’s Reader, Acrobat and Flash Player have long been favorite targets of both real hackers and “kit kiddies.” The vulnerability in Flash Player identified as CVE-2014-0569 in the Common Vulnerabilities and Exposures database, which was patched just this month, is the target of this latest Fiesta kit exploit.
For attackers, the advantage of drive-by attacks such as this is that they are much more difficult for the average user to detect and defend against than, for example, phishing email – yet they accomplish the same thing: driving users to a malicious or compromised web server that downloads malicious code to their computers.
This isn’t the first time Fiesta has popped up with a new trick. Back in August, a Malwarebytes researcher noticed that the kit had begun dropping two malicious payloads instead of one: Spyware.Zbot.ED and Trojan.Agent.ED.
Interestingly, exploit authors and distributors seem to be following the same business trends as legitimate companies. Some are operating on a MaaS model – essentially selling Malware as a Service. Many license the exploit packs on a per-server basis. We’ve come a long way, baby, from the days when most hackers were in it just for the fun and challenge and freely traded their dirty hacking secrets. Today it’s all about the money, and exploit kits can bring in large amounts of revenue for those who produce them.
With it getting easier and easier to launch different types of full-scale cyberattacks, and more and more “hackers for hire” hanging out their shingles, we’re reminded that it’s more important than ever to keep our systems up to date so as not to become a victim of the “kit of the day.”