Read Time: 3 Minutes
F-Secure Labs took a look at the top five exploit kits of 2015 to see which vulnerabilities they targeted. Here’s what they found: Out of the top fifteen vulnerabilities they targeted, thirteen were Flash Player vulnerabilities.
Why does Flash attract so much attention from cybercriminals?
- Flash is widespread – it’s used on multiple platforms and is one of the most widely distributed pieces of software in the world, so exploiting it yields a larger payoff.
- Flash doesn’t update automatically for all users, so many users still run old versions that are vulnerable and easily exploitable.
- Cybercriminals find it easy to spot vulnerabilities in the code.
Our Security Advisor, Sean Sullivan, refers to Flash as the low-hanging fruit. It’s the easiest software to exploit these days and get a big return.
Flash Player is such an attractive target that, once they learn of a Flash zero day vulnerability, cybercriminals immediately get on it. Case in point: The hacking incident of the Italian surveillance software firm Hacking Team last July.
When the firm was hacked, at least two exploits for Flash zero day vulnerabilities were among the leaked data. To say the top exploit kit makers were quick to react would be putting it mildly.
When the first exploit was exposed on July 7, exploit kits Angler, Neutrino, and Nuclear all incorporated it the very same day. A patch was released the following day. The second vulnerability was made public on July 11. Angler adopted support the next day, closely followed by Nuclear, Rig and Neutrino the following day.
Here’s a graphic from the Threat Report that shows the timeline. The July 6-14 exploits are the Flash exploits after the Hacking Team leak.
These graphics tell us two things:
- Keep your software up to date. Flash vulnerabilities are extremely popular for criminals to exploit, so it’s very important to only use the latest version of Flash…and all software. F-Secure’s software can detect these exploits. Our patch management feature, Software Updater, can make sure Flash and similar applications are always patched as soon as fixes are available.
- Use a product with behavioral and heuristic detection capabilities. For zero day vulnerabilities, antivirus alone is not enough. Even up-to-date software won’t help, since by definition a zero day vulnerability is one that the software vendor doesn’t know about yet. Your business needs heuristic protection that can identify malware based not just on signatures, but also on malicious behavior and characteristics. F-Secure’s products achieve this with our advanced DeepGuard technology.
Many experts also recommend not using Flash at all. But if disabling Flash is going too far for your business, you can limit it by enabling Click-to-Play. Content that uses Flash will need to be expressly clicked in order to play, instead of playing automatically when a window is opened. This reduces the chances of running malicious Flash code, and also reduces the risk of being exposed to Flash-based malicious advertising.