In addition to these two zero-day exploits, over 100 organizations in North America last month fell victim to a tailored spear phishing campaign aimed at the retail, restaurant, and hospitality industry. The campaign would send emails that contained variations of Microsoft Word documents with embedded macros. If enabled, the macros would then download and execute a malicious downloader called PUNCHBUGGY. PUNCHBUGGY is a DLL that can interact with compromised systems and move laterally across the environment. In addition, PUNCHBUGGY could take advantage of a previously unknown elevation of privileges (EoP) exploit and a point of sale memory scrapping tool dubbed PUNCHTRACK by FireEye. According to FireEye, in some victim environments, “the threat actor exploited a previously unknown elevation of privilege (EoP) vulnerability in Microsoft Windows to selectively gain SYSTEM privileges on a limited number of compromised machines.”
Microsoft and Adobe have both released patches for all vulnerabilities: CVE-2016-0168, CVE-2016-0167 and CVE-2016-4117. If you haven’t downloaded and installed the recent fixes, please do so as soon as possible.
CyberSheath can help protect your assets. Contact us to learn more about our throughout information security assessments and other security-related program development.