It has not taken long for unscrupulous individuals to take advantage of the 400 GB of data dumped online after the cyber attack on Hacking Team's servers.
Just a day after the Italian firm, which sells surveillance software to government agencies, confirmed that its systems had been breached, exploit kits began integrating a zero-day exploit for a vulnerability in Adobe's Flash Player that was found among Hacking Team's documents. Along with the exploit itself, documents detailing how it works and instructions on how to use it were also made available online.
As security researcher Kafeine shows, the Flash exploit is already included in three commercial web-based kits: Neutrino, Angler and Nuclear Pack.
"This is one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by Hacking Team," said Jerome Segura of Malwarebytes.
An exploit kit is a web-based tool that lets people spread malware across the web more easily, without the technical knowledge typically required of cyber attackers. Anyone who can learn to navigate software can purchase an exploit kit, typically through the underground web, and carry out attacks for their own purposes.
Tracked as CVE-2015-5119, the Flash vulnerability was described by Hacking Team as "the most beautiful Flash bug for four years," which suggests that the firm had been using it to break into users' computers. The vulnerability exists in Flash Player on Windows, OS X and Linux and affects the web browsers that run it, including Chrome, Firefox, Internet Explorer and Safari.
Adobe says it is aware of the vulnerability and will issue a patch, which it expects to complete this week. Meanwhile, users are advised to disable the Flash Player plugin in their browsers while waiting for the fix. However, since many people do not install updates in a timely manner, the vulnerability is likely to remain exploitable on many computers for a long while.
"Before the attack, Hacking Team could control who had access to the technology, which was sold exclusively to governments and government agencies," said Hacking Team in a blog post. "Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation."
This is not the only zero-day exploit found in the Hacking Team data leak, says Trend Micro. Two other exploits, one for Flash Player and another for the Windows kernel, were also unearthed. The second Flash Player bug has already been patched, while Microsoft says the overall risk of an attack using the Windows kernel exploit is "limited."