Adobe Flash zero-day flaw under attack

Software giant Adobe recently announced that hackers exploited a vital zero-day flaw in the popular and widely installed Adobe Flash software.

The effect of this latest attack

The company is literally scrambling to develop and implement a patch that should close the loophole the attackers have been using to target specific accounts and individuals.

In this case, the zero-day flaw essentially lets the hackers hijack an affected system. That’s right, the bad guys get full control.

The attackers managed to infect more than 100 organisations with this zero-day vulnerability.

Needless to say, this has led to a huge headache for Adobe. On the one hand they have to work double and triple time to patch this gaping security hole, and on the other hand they have to do damage control by dealing with irate customers, many of which are large corporations and government entities.

The hackers behind it

Security firm Kaspersky Labs, credited with identifying the flaw, believe that a group of hackers known as ScarCruft (undoubtedly a name that they ripped off the popular MMORPG StarCraft) is behind the attack.

ScarCruft is but one such group, known as an advanced persistent threat (APT), that utilises attack vectors like zero-day flaws to not only stay one step ahead but also to make sure that their attacks make the largest impact possible when deployed.

ScarCruft, it seems, is a busy body. They did not stop with this single attack. While the Adobe Flash attack was directed towards the North American market, Kaspersky Labs has also identified another Adobe exploit and a Microsoft Internet Explorer exploit being used by the same group to gain access to systems.

Indeed, the Adobe Flash zero-day attack was part of a highly coordinated attack on multiple fronts in multiple countries. The security firm did some deep digging and revealed that users as far away as Nepal, Russia, South Korea, China, India, Kuwait and Romania are having their systems attacked and compromised by the same group.

Next steps to protect your business

ScarCruft has no intention of slowing down. And the scary thing is that for all intents and purposes it’s currently a phantom — ScarCruft came out of nowhere and acted in a highly coordinated manner.

And it is not the only APT group seeking to take advantage of zero-day vulnerabilities.

There are some simple steps you can take to protect your business from malicious cyber-attacks:

Keep your antivirus up-to-date to at least have a fighting chance against viruses that have already been identified

Do not open emails or email attachments from people or organisations you don’t recognise

Do not visit unscrupulous or “dodgy” websites and look to your antivirus and web filtering to block them

To find out more about simple steps you can take to enhance your IT security, download our free security checklist here.

Morris - Morris Treger

Great service!

Jane - Blackjack's Mill Ltd

Problem sorted thanks to Mohammad :)

Laurence - Silva Timber Products Ltd

Quick and easy as everything was done for me.

Petra - Chelsea Psychology Clinic

The guy who helped me was very polite and patient. Also helped me resolve my issue quickly.

Sangita - Banana Tree

Excellent service - Thank You!

Tony - Minerva MC

I was contacted within a few minutes of reporting the issue and within 30 minutes all was sorted. I\'m not totally IT literate but Mohammad was patient and explained everything simply.

Fran - FMC Ltd

I had an issue with Spam email that Mohammed dealt with speedily and efficiently.

Paul - Silva Timber Ltd

Quick service, e-mailed and someone phoned me back within 15 minutes.

Andy - Adams Mitchell

Very quick response, cleared issue very quickly.