Flash is the low-hanging fruit for attackers. Here's why and what you can do.

End-Point-Protection // 21.03.2016
F-Secure Labs took a look at the top five exploit kits of 2015 to see which vulnerabilities they targeted. Here's what they found: of the fifteen vulnerabilities those kits targeted most, thirteen were Flash Player vulnerabilities.
Why does Flash attract so much attention from cybercriminals?
Our Security Advisor, Sean Sullivan, refers to Flash as the low-hanging fruit: it is the easiest software to exploit for a big return these days, because it is installed almost everywhere and reachable from any web page.
Flash Player is such an attractive target that, once a Flash zero-day vulnerability becomes known, cybercriminals can have a working exploit in circulation faster than you can finish your work day. Case in point: the hacking of the Italian surveillance software firm Hacking Team in July 2015.
When the firm was hacked, at least two Flash zero-day vulnerabilities were among the leaked data. To say the top exploit kit makers were quick to react would be putting it mildly.
When the first vulnerability was exposed on July 7, the Angler, Neutrino and Nuclear exploit kits all incorporated support for it the very same day. A patch was released the following day. The second vulnerability was made public on July 11. Angler adopted support the next day, closely followed by Nuclear, Rig and Neutrino the day after that. In both cases the attackers were ahead of the patch, so for at least a day every unpatched browser with Flash enabled was exposed to a drive-by exploit.
Here’s a graphic from the Threat Report that shows the timeline. The July 6-14 exploits are the Flash exploits after the Hacking Team leak.
These graphics tell us two things:
Many experts also recommend not using Flash at all. But if disabling Flash is going too far for your business, you can limit it by enabling Click-to-Play. Content that uses Flash will then need to be expressly clicked in order to play, instead of playing automatically when a page is opened. Exploit-kit landing pages and Flash-based malicious advertising rely on the Flash object loading silently, so Click-to-Play reduces the chance of running malicious Flash code without your knowledge. Two caveats: it is a mitigation, not a substitute for patching, since a user who clicks a malicious object still runs it; and it only helps if users cannot quietly switch Flash back to "always run", which is why it should be enforced by policy rather than left as a per-user browser setting.
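The following is an added example, not code from the F-Secure post, showing how an administrator would enforce Click-to-Play for Flash on Linux endpoints through managed browser configuration rather than per-user settings. It uses Chrome's documented `DefaultPluginsSetting` policy (1 = run plugins automatically, 2 = block, 3 = Click-to-Play) and Firefox's `plugin.state.flash` preference (0 = never activate, 1 = ask to activate, 2 = always activate) as they were defined for the browsers of the time. The file locations are assumptions to adjust for your distribution: Chrome reading managed policy JSON from `/etc/opt/chrome/policies/managed`, and Firefox installed under `/usr/lib/firefox` with autoconfig enabled. The optional root-prefix argument lets you stage the files in a scratch directory first.

```shell
# Added example (not from the original post): lock both browsers to Flash
# Click-to-Play by dropping managed configuration files.
# Assumed paths (adjust for your fleet):
#   Chrome managed policy dir : /etc/opt/chrome/policies/managed
#   Firefox install dir       : /usr/lib/firefox
# The first argument is an optional prefix (e.g. a staging directory);
# with no argument the files are written to the live filesystem (needs root).

enable_click_to_play() {
    root="${1:-}"
    chrome_dir="$root/etc/opt/chrome/policies/managed"
    ff_dir="$root/usr/lib/firefox"
    mkdir -p "$chrome_dir" "$ff_dir/defaults/pref"

    # Chrome policy DefaultPluginsSetting: 1 = run plugins automatically
    # (the weak default), 2 = block all plugins, 3 = Click-to-Play.
    # A managed policy overrides whatever the user picks in chrome://settings.
    cat > "$chrome_dir/flash-click-to-play.json" <<'EOF'
{
  "DefaultPluginsSetting": 3
}
EOF

    # Firefox: defaults/pref/autoconfig.js tells Firefox to load mozilla.cfg
    # from the install directory (obscure_value 0 = plain text, not byte-shifted).
    cat > "$ff_dir/defaults/pref/autoconfig.js" <<'EOF'
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
EOF

    # plugin.state.flash: 0 = never activate, 1 = ask to activate
    # (Click-to-Play), 2 = always activate. lockPref greys the setting out
    # so the user cannot flip it back to 2. The first line of mozilla.cfg
    # must be a comment; Firefox skips it.
    cat > "$ff_dir/mozilla.cfg" <<'EOF'
// Flash Click-to-Play, locked by IT policy
lockPref("plugin.state.flash", 1);
EOF
}

# Audit helper for your compliance checks: exit status 0 only when both
# browsers are locked to Click-to-Play under the given prefix.
check_click_to_play() {
    root="${1:-}"
    grep -q '"DefaultPluginsSetting": *3' \
        "$root/etc/opt/chrome/policies/managed/flash-click-to-play.json" 2>/dev/null || return 1
    grep -q 'lockPref("plugin.state.flash", *1)' \
        "$root/usr/lib/firefox/mozilla.cfg" 2>/dev/null || return 1
    return 0
}
```

Run `enable_click_to_play` as root on a test machine, then open a Flash-heavy page: the object should appear as a placeholder until clicked, and the plugin setting should be greyed out in both browsers. `check_click_to_play` is the piece to wire into your endpoint compliance scan. On Windows the same Chrome policy is the `DefaultPluginsSetting` DWORD (value 3) under `HKLM\Software\Policies\Google\Chrome`, normally pushed through Group Policy; the Firefox autoconfig files go into the Firefox install directory in the same layout as above.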