Proofpoint security researchers recently discovered a new exploit in the Magnitude exploit kit, and working with fellow researchers in the security community, determined that it targeted a previously unreported vulnerability in Adobe Flash Player. This vulnerability, which affects all versions of Adobe Flash Player on Microsoft Windows 10 and earlier, had the potential to expose more than 1 billion connected desktops to ransomware.
Exploit kits are used in both browser-based attacks, such as malvertising and strategic web compromises (SWC), and email-based attacks in which a URL links to a compromised web page that pulls in the exploit kit. The exploit kit then targets the client system with one or more exploits in order to infect it and drop a malware payload. Exploit kits have been a leading distribution vector for ransomware over the last twelve months, so a new, unpatched exploit within an exploit kit represents a significant threat to organizations and their users.
This discovery demonstrates that threat actors are continuing to focus on ransomware, which has already cost businesses and users hundreds of millions of dollars. Organizations should consider adopting Proofpoint Targeted Attack Protection to defend against this and other URL-based advanced threats, as well as applying relevant Proofpoint ET signatures to IDS/IPS monitoring solutions in order to detect potential compromises by payloads associated with this threat.
In addition, Adobe has issued an advisory (APSA16-01) and emergency patch for this vulnerability. All users and organizations running Adobe Flash Player are encouraged to install it as soon as possible. We also recommend organizations consider disabling Adobe Flash Player on client systems until they can be patched.