ThreatInformer Cyber Threat Advisory – March 2018 - DAC Beachcroft

Published 27 March 2018

In the wake of the catastrophic Spectre and Meltdown bugs published in January, the usual suspects are back at large again, with Microsoft and Adobe leading the way with serious vulnerabilities. Recent trends also show a spike in crypto-currency mining malware – is this the new Ransomware?

Drive-by Cryptominers on the Rise

Malvertising (malicious advertising) and online fraud through forced redirects, fake links and trojan downloaders have been around for years. However, new attack groups are turning to in-browser cryptocurrency miners to make their cash. When a user visits an attacker’s webpage, malicious JavaScript can be executed to harness the device’s computing power and start mining cryptocurrency.

Users don’t often apply web filtering settings to mobile devices, and Android users are now being targeted for their devices’ computing power.

A study by Malwarebytes showed how these pages send CPU usage to 100% and can be almost impossible to detect. With many attackers jumping on the cryptocurrency bandwagon, will they change their primary focus to malicious use of a device’s computing power, or will cryptominers become a bolt-on to more standard attacks?

Bug-bonanza with latest Microsoft Patches

Microsoft’s security update for February 2018 addressed a whopping 50 CVE-listed vulnerabilities across Office, Edge, Windows and other software. The list contained 14 critical issues for patching, including 2 serious vulnerabilities in Microsoft Outlook.

The full details can be found here

Adobe Flash Player RCE

A critical Remote Code Execution (RCE) vulnerability has been found in Adobe Flash Player (CVE-2018-4878). Successful exploitation could allow an attacker to take remote control of a machine. Adobe is aware of an exploit in the wild, which is being used in targeted attacks.

Watch Out Skype Users

A serious vulnerability has been uncovered in the Skype updater. The bug could allow an attacker to gain full control of a machine through local privilege escalation.

When Skype's update installer imports supporting software, attackers can trick it into running their own malicious code, which gets installed with system-level permissions.

However, Microsoft (Skype’s owner) has reported that it will not be patching this vulnerability in the foreseeable future. Full vulnerability details can be seen here


Authors

Hans Allnutt

London - Walbrook

+44 (0) 20 7894 6925

Patrick Hill

London - Walbrook

+44 (0)20 7894 6930
