A recent successful zero-day Flash attack began with a spear-phishing email. These Windows 10 and Office 365 settings could have prevented it.

A recent Windows Defender Advanced Threat Protection (ATP) alert described an Adobe Flash zero-day vulnerability (CVE-2018-15982) that was used in a spear-phishing attack against a medical institution in Russia. Adobe released a patch on December 5, 2018. The vulnerability and the attack sequence highlight a number of mitigations that you can use to block such attacks.

The attack started with a spear-phishing campaign. In this instance, the spear-phishing email carried a RAR archive containing two files. The first was a lure document. The second was another RAR archive disguised as a .jpg file.

When the user opened the document, an embedded ActiveX Flash control was activated. The control then ran a command script that unzipped the archive and ran the payload. A scheduled task was created to start a backdoor whenever the user logged in. The backdoor collected system information and uploaded it to a hard-coded command-and-control IP address every five minutes. It was also able to receive instructions that could be loaded into memory.

You can mitigate this threat in several ways, and you can detect whether your email account has been compromised.

Enable Windows Defender System Guard to turn on hardware-based isolation.

Enable cloud-delivered protection and automatic sample submission in Windows Defender Antivirus. This allows machine learning to detect new variants.

Check the settings in Office 365 to ensure that you can block targeted spear-phishing attempts. Ensure that you have enabled or purchased Office 365 ATP. Make sure that Office 365 checks links (ATP Safe Links) and deletes sent email based on threats.

Turn on attack surface reduction rules on Windows 10 to limit executable activity initiated by Office macros.

Review what actions you can take on your firewall to limit browsing or arbitrary file downloads. Also review whether you can limit connections by geographic location, IP address or any other criteria.

Bottom line: before you are attacked, look for ways to protect yourself now. Don’t think in terms of “if” you will be attacked; think in terms of “when”.
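As an added example (not code from the article or from Microsoft), the following PowerShell applies the two Windows Defender settings described above, verifies what the engine actually reports back, and hunts for the persistence pattern the article describes: a scheduled task triggered at logon that runs something from a user-writable path. The ASR rule GUIDs are Microsoft's published rule IDs; the `-Enforce` switch, the `$AsrRules` table and the path pattern are this script's own assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not the article's code. Without -Enforce the ASR rules go to
# audit mode so you can review 1122 events before switching them to block.
param([switch]$Enforce)

# Rules that break the Office -> script -> payload chain described above.
$AsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office apps from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office apps from creating executable content'
}
$Mode = if ($Enforce) { 'Enabled' } else { 'AuditMode' }

# Cloud-delivered protection (MAPS) plus automatic sample submission.
Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples
foreach ($id in $AsrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions $Mode
}

# Verify what the engine reports, not what we asked for (a policy can override it).
$p = Get-MpPreference
if ($p.MAPSReporting -ne 2 -or $p.SubmitSamplesConsent -ne 3) {   # 2 = Advanced, 3 = SendAllSamples
    Write-Warning 'Cloud protection or sample submission is not at the expected level'
}
$ids  = @($p.AttackSurfaceReductionRules_Ids)
$acts = @($p.AttackSurfaceReductionRules_Actions)
foreach ($id in $AsrRules.Keys) {
    $i = -1
    for ($k = 0; $k -lt $ids.Count; $k++) { if ($ids[$k] -ieq $id) { $i = $k } }
    $state = if ($i -ge 0) { $acts[$i] } else { 'NOT SET' }   # 1 = block, 2 = audit
    Write-Host ("{0,-8} {1}" -f $state, $AsrRules[$id])
}

# 1122 = audit hit, 1121 = block: these show what the rules would have stopped.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1121, 1122
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{n = 'Detail'; e = { ($_.Message -split "`n")[0] }}

# Persistence hunt: a task that fires at logon and executes from a user-writable
# location, the pattern the backdoor in the article used. Review hits manually.
Get-ScheduledTask | Where-Object {
    ($_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }) -and
    ($_.Actions  | Where-Object { $_.Execute -match '\\Users\\|\\AppData\\|\\Temp\\' })
} | Select-Object TaskName, TaskPath, @{n = 'Execute'; e = { $_.Actions.Execute -join ';' }}
```

Run it once without `-Enforce`, review the 1122 audit events for legitimate Office child processes in your environment, then rerun with `-Enforce` to switch the rules to block mode.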