Try as we might, no system or program can be made 100 percent hacker-resistant. Cyber attackers are a crafty bunch, always deploying the latest technology and constantly changing techniques to infiltrate systems and steal or corrupt data. In the aftermath of major security breaches at Target, Home Depot, and Sony, people and companies are more aware of the ongoing threats out there, but preventing them is proving quite challenging. Now, many in the security community are turning their attention to the latest incident. It may not get the same headlines as others, but the zero-day flaws recently discovered in Adobe Flash represent just one more thing for security teams to worry about. How the flaws were discovered and the response to them can be instructive on how to handle similar challenges in the future.
What happened?
On January 21, a flaw was unearthed in Adobe Flash Player that would facilitate the use of zero-day attacks. These attacks essentially take advantage of an unknown vulnerability in a program, operating system, or application to spread malware and other harmful code. They are called “zero-day” attacks because at the time of discovery, developers have had no time to fix the flaws yet. The zero-day flaws found in Adobe Flash Player were serious for a number of reasons, the main one being Flash’s popularity. Adobe Flash Player is used on all of the most popular web browsers and operating systems, making it a tempting target for eager hackers. And that’s exactly what happened. The zero-day attacks focused on exploiting operating systems such as Windows 8 and earlier, while also exploiting browsers like Internet Explorer and Firefox. Luckily, Chrome and later versions of Windows (like 8.1) were considered safe from the attacks.
The attacks hit swiftly, in some cases causing computers to crash. More serious, however, was the potential of having an attacker take control of the programs and machines that were infiltrated. This is what Adobe referred to as drive-by-download attacks. Another flaw lead to botnet and adware being installed on the affected system. This flaw brought with it the potential to have fraudulent ads appear in a user’s browser. If clicked, they would send the user to a malicious website where more malware would be installed.
Luckily, Adobe’s response to the zero-day flaw discovery was impressively fast. Only a day after the flaws were found, Adobe released a patch to fix the first problem. While the company said it would take another week for the next patch to be developed, it was released a mere four days later. The danger has since passed, and people and businesses can breathe a little bit easier for now, but the attacks are only a reminder of all the threats out there. Remember, the zero-day flaws were there the whole time; other flaws that have yet to be discovered also exist.
What can we do about it?
The response to the zero-day attacks affecting Adobe Flash can help IT security teams prepare for what’s to come in the future. Many of the preventative and safety techniques can be used in almost any situation. Part of the danger of these recent zero-day attacks comes from clicking on links; hence, all employees within an organization should know never to click on a suspicious link or visit a suspicious website. Many hackers try to use social engineering to make people think an email or link is legitimate, so workers should be aware of those techniques as well. Security teams should also be constantly reading up on the latest threats and monitoring web sites for headlines on new incidents. In this case, they could have disabled Adobe Flash on their companies’ computers until proper patches were developed. They may also make use of gateway technologies that can block and detect malware before it infiltrates the system.
There are many things for security teams to worry about as security threats continue to evolve. The environment is a perilous one, and as businesses continue to get connected and operate online, the need for vigilance only increases. As the Adobe zero-day attacks show us, weaknesses will always be discovered, but with the right preparation and rapid response, any damage can be minimized and valuable data can be kept safe.