On Monday, Adobe Systems Inc revealed that hackers managed to exploit vulnerabilities of Flash in web browsers. The company encouraged users to patch their computers to prevent attacks.
Adobe announced it after Kaspersky Lab Inc said that BlackOasis, a group of hackers, used the unknown weakness on October 10 to add malicious software on computers before they’re connected back to servers in Bulgaria, the Netherlands, and Bulgaria.
What is the malware called?
It’s known as FinSpy or FinFisher. This malware is a commercial product available for law enforcement agencies and nation states to conduct surveillance.
The group of hackers targets politicians in the Middle East and the officials of the United Nations engaged in the region. It also targets those activists and opposition bloggers, as well as regional news correspondents.
The victims of the attack have been observed in the UK, Afghanistan, Russia, Iraq, Iran and other parts of Africa and the Middle East.
Adobe has already released a Flash security update to resolve the issue. The problem affected Edge, Chrome, and Internet Explorer browsers and their desktop versions.
In July, Adobe announced that it would retire Flash, which was once a ubiquitous technology. Most developers and designers used it to power their media content online.
But because of its vulnerabilities, the late Apple’s co-founder, Steve Jobs, criticized it. He and other experts suggested alternatives, like HTML. Most browsers disabled Flash by default, and they require users to enable it before running a Flash-based content.
Adobe Flash is a popular platform. Although it’s been slowly overtaken by newer technologies, it still offers plenty of applications. Designers used it for their web animations or banners. You can also see games and interactive presentations in Flash platform.
Its popularity spread across all Windows-based computers connected to the Internet.
Despite its many uses, Flash is also known for its exploitations from hackers.
Every technology and platform that we use will be out-of-date in the future. Even the most popular ones will be gone too. Currently, Flash’s usefulness has been over. But there are better alternatives that you can use, like the open standard HTML5.
Flash has been a reputable source of security concerns packed in kits. Because it’s been installed on almost every computer, it makes it a huge target for cyber attacks. The good thing is that without Flash, it still won’t cripple the experience of Internet users.
Although Flash has been updated, it’s still a source of a headache for the IT staff. That’s why, when Adobe announced its retirement, a lot of companies and developers were delighted. Many experts already considered it as an old platform that’s been a constant source of cyber threats, which can no longer be tolerated.
“The attack using the recently discovered zero-day exploit is the third time this year we have seen FinSpy distribution through exploits to zero-day vulnerabilities. Previously, actors deploying this malware abused critical issues in Microsoft Word and Adobe products. We believe the number of attacks relying on FinSpy software, supported by zero day exploits such as the one described here, will continue to grow.” – Anton Ivanov, lead malware analyst at Kaspersky Lab