Adobe cyber attack a wake-up call - security firm

2013-10-10 12:05
(Picture: <a href=\\\\\\\\>Shutterstock</a>)

(Picture: Shutterstock)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - The hacker attack on Adobe Systems may increase the vulnerability of all computers running the company's software, a security firm has said.

Hackers hit Adobe a week ago and made off with source code along with credit card numbers relating to three million of its customers.

"The risk is elevated because the attackers can now analyse the stolen source code and identify vulnerabilities that were not known so far. They can then develop exploits for these vulnerabilities (zero days)," Ziv Mador director of Security Research at SpiderLabs told News24.

Trustwave division SpiderLabs specialises in penetration testing or ethical hacking.

Adobe moved quickly to reset customer passwords, but the risk of compromising a system running the software could dent the company's reputation.

Common malware

Mador said that the hack illustrated the risk that large corporations faced in terms of a growing cyber attack threat.

"It shows that even resourceful companies may be successfully targeted and breached. It emphasizes the need to take the necessary precautions and apply a comprehensive security policy to minimise the risk for such breaches."

Despite South Africa being a relatively low of the international hacker target list, there is already some common malware that is focused on local companies.

According to Kaspersky Lab, malware that spreads via infected flash drives are designed to steal personal and financial information.

"The Worm.Win32.Mabezat, a file infecting worm which spreads to new computers when accessing an infected drive (including USB thumbs) or file share from a computer that supports the auto-run feature," said Mohammad-Amin Hasbini, GreAt experts at Kaspersky.

It emerged recently that some hacker groups were hiring out their services to target companies for specific purposes that may include intellectual property theft.

"There is no doubt that these breaches are carried out by very technical hackers. However we do not know how they are being compensated and not even their exact motive," said Mador of the Adobe attack.

User data

Criminals generally target systems that may result in the highest return on the investment of time, and in SA, companies in economic hubs like Gauteng are the primary targets for cyber attack.

"Based on our research, Kaspersky Antivirus and Internet Security blocked more than 5.3 million network attacks and more than 70 000 malwares last year in South Africa, 65% of the threats were traced back to Gauteng," Kaspersky said.

The Protection of Personal Information (Popi) bill is set to become law in 2013 and this may have serious implications for companies that handle user data.

Firms could find themselves exposed to legal damages over and above the loss from a cyber attack if it can be shown that they did not take all reasonable measure to protect data.

Mador said that local enterprises should act to improve the security of critical data and networks.

"Companies in many parts of the world are being targeted and breached. It is expected that companies in SA could be targeted as well, as long as they have digital assets that are compelling for cybercriminals such as credit card information, detailed customer information or other desired intellectual property."

- Follow Duncan on Twitter
Read more on:    trustwave  |  kaspersky lab  |  online privacy  |  cybercrime
NEXT ON NEWS24X publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Lockdown For
Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.