According to Kaspersky Lab, one of the world’s leading cybersecurity companies, there have been live attacks through an exploit in Adobe Flash starting October 10th, 2017. Kaspersky Lab and other leading cybersecurity companies strongly suggest that businesses using Adobe Flash update to the latest version as soon as possible.

Referred to as a zero-day, this type of vulnerability is a “hole” in a program that the manufacturer has only recently become aware of but that has already been exploited by a hacker. Hackers quietly use this hole to execute attacks on systems running that particular program.

In this case, version 16.0.0.287 of Adobe Flash is being used as a gateway to install FinSpy commercial malware onto computers through compromised websites or Microsoft Word documents. A report from BusinessWire explained that “FinSpy is a commercial malware, typically sold to nation states and law enforcement agencies to conduct surveillance. In the past, use of the malware was mostly domestic, with law enforcement agencies deploying it for surveillance on local targets.”

Symantec has reported that the following products are vulnerable:

  • Internet Explorer versions 6 through 10
  • Windows XP (Internet Explorer versions 6-8)
  • Windows 7 (Internet Explorer version 8)
  • Windows 8 (Internet Explorer version 9)
  • Firefox browser

The company also noted that “Fully patched versions of Windows 8.1 and the Google Chrome browser do not appear to be affected at this time.”

HOW TO STAY SAFE:

  • Both Kaspersky Lab and Symantec are urging users to install the latest version of Adobe Flash or disable it. If you choose to download the latest version of Adobe Flash, remember to do so only from the official Adobe website.
  • Make sure all staff members are educated on attack methods in order to avoid exposure.
  • Perform a security assessment of your infrastructure and make this a recurring practice.
  • Have a security audit performed on your infrastructure to be aware of vulnerability points and make sure a multi-layer solution is in place.

References:

http://www.techrepublic.com/article/businesses-should-update-adobe-flash-immediately-to-avoid-this-exploit/?ftag=TREe01923b&bhid=27733029506249943860869485574155

https://us.norton.com/internetsecurity-emerging-threats-adobe-flash-zero-day-vulnerability-discovered.html

http://www.businesswire.com/news/home/20171016005821/en/Kaspersky-Lab-Discovers-Adobe-Flash-Zero-Day