Cybersecurity Briefing: February 8, 2018 - Flash Exploits and Cryptojacking Surge
Today, cybersecurity professionals are on high alert as a series of significant incidents unfold. Notably, cybercriminals have launched a massive spam campaign exploiting a recently patched critical vulnerability in Adobe Flash Player (CVE-2018-4878). This vulnerability allows attackers to execute arbitrary code on unpatched systems, putting countless users at risk. The campaign underscores the perils of outdated software and the necessity of prompt patching to safeguard systems from exploitation.
In a disclosure published earlier today, researchers report a staggering 1,200% surge in cryptojacking incidents throughout February. Cryptojacking is the unauthorized use of computing resources to mine cryptocurrencies, often without the victims' knowledge. Flaws in widely used web plugins, including the ‘BrowseAloud’ accessibility tool, have exacerbated this issue, enabling attackers to infiltrate systems more easily. The rise in cryptojacking poses significant threats to organizational resources and privacy.
Overnight, multiple UK government and council websites faced outages due to infections from cryptocurrency mining malware, highlighting vulnerabilities within public sector digital infrastructure. The infiltration of such critical websites raises concerns about the security measures in place to protect sensitive data and the potential impacts on public trust.
These incidents illustrate the ongoing challenges organizations face in maintaining robust cybersecurity. The exploitation of known vulnerabilities like those found in Adobe Flash, combined with the rapid evolution of attack vectors such as cryptojacking, signals the need for enhanced vigilance and proactive security measures. As cyber threats become more sophisticated, the importance of timely updates and security awareness cannot be overstated. Organizations must invest in comprehensive cybersecurity strategies to mitigate risks and protect both their digital assets and their users.