APT3 goes phishing in Adobe Flash Player security hole

A security vulnerability in the latest version of the Adobe Flash Player browser plug-in, reported last week, was used by a Chinese hacking group known as APT3 (Advanced Persistent Threat 3) to exploit target hosts with a command and control campaign. Browser plug-ins are common malware targets because they often contain security holes that can be exploited to gain control of systems. Adobe published a security update on June 23, 2015.

APT3 sent phishing emails aimed at organizations in the aerospace, defense, construction, engineering, high tech, telecommunications and transportation industries, according to FireEye, the security research firm that discovered the flaw.

“This group is one of the more sophisticated threat groups that FireEye Threat Intelligence tracks, and they have a history of introducing new browser-based zero-day exploits (e.g. Internet Explorer, Firefox, and Adobe Flash Player),” the researchers write. A zero-day exploit is one which has never been used before; thus, the firm involved has “zero days” to fix it.

Why phishing is a favorite pastime for the bad guys

Phishing is a type of exploratory attack via email in which cyber criminals attempt to obtain victims’ sensitive data, then use the victims’ credentials to infiltrate a network.

Spear phishing targets specific individuals in an organization by mining social networks (for example) in order to impersonate senders, personalize the phishing email and trick prospective victims into clicking a link or opening an attachment.

Spear phishing is viewed as an advanced persistent threat attack and has been used to gain long-term access to sensitive networks, data and resources. Spear phishing continues to threaten networks in part because it works so well:

Spear phishing emails had an open rate of 70 percent, compared with an open rate of just three percent for mass spam emails. Further, 50 percent of recipients who open spear phishing emails also click on enclosed links, which is 10 times the rate for mass mailings.

Compared to broad-based emails, spear phishing costs 20 times more per individual targeted. However, the average return from each spear phishing victim is 40 times more than that of phishing.

A spear phishing campaign comprising 1,000 messages is likely to generate 10 times the revenue of a phishing mailing targeting 1 million individuals.
