Exploits targeting Adobe’s Flash plug-in surges

NEW DELHI, INDIA: F-Secure Labs has discovered a recent surge in the number of exploits targeting Adobe’s Flash plug-in.

Given the consistent use of Flash vulnerabilities in crimeware, F-Secure is adding their voice to other security researchers suggesting that Adobe and other companies reconsider using the popular plug-in.

Flash vulnerabilities were thrust in the limelight after a zero-day exploit used by the Italy-based surveillance company Hacking Team was stolen in a recent attack, resulting in its proliferation in exploits kits used by criminals.

According to F-Secure Labs, detections of Flash exploits from exploit kits increased by 82pc in the days following the attack.

Researchers are attributing this increase to the adoption of the zero-day exploit stolen in the hack, as well as the subsequent discovery of two additional zero-day exploits.

“Criminals using exploit kits typically target insecure software that’s widely used, and Flash has given them an easy target for at least the past seven or eight months,” said F-Secure Senior Researcher Timo Hirvonen.

“Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely.”

According to F-Secure Security Advisor Sean Sullivan, businesses need to pay closer attention to how employees expose themselves to online threats by carelessly browsing the web. “I characterize Flash as a low-hanging fruit because it’s become such a popular target for opportunistic attacks,” he said.