View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Adobe Flash Player vulnerabilities increase 66% in H1

Organisations are urged to reduce time to identify cyberattacks.

By CBR Staff Writer

A new report has revealed that organisations need to reduce the time it takes to identify cyber threats in order toprevent attack from Flash, ransomware, and the Dridex mutating malware campaign.

The Csico report highlights the need for retrospective analysis to reduce time to detection (TTD) in order to remediate against sophisticated attacks by threat actors.

The lack of automated or regular patching is increasing exploits of Adobe Flash vulnerabilities, which are integrated into the Angler and nuclear exploit kits, the report claims.

There was a 66% rise in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system in the first six months of this year, compared with the whole of 2014.

Angler is one of the most sophisticated and widely used exploit kits due to its innovative use of flash, java, internet explorer and silverlight vulnerabilities.

It also uses an evasion technique known as domain shadowing to prevent detection.

Hackers continue to release new variants with the help of ransomware operations, which are completely automated and undertaken via the dark web.

Content from our partners
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer
Financial management can be onerous for CFOs, but new tech is helping lighten the load

Cisco said ransoms are paid in cryptocurrencies like bitcoin to hide payment transactions from law enforcement

According to the report, the creators of rapidly mutating Dridex campaigns have a sophisticated understanding of evading security measures.

Attackers quickly change the emails’ content, user agents, attachments or referrers, and launch new campaigns as part of their plans. It will force traditional antivirus systems to detect them anew.

Cisco said the report’s findings highlight the need for businesses to deploy integrated security systems instead of point products, work with trustworthy vendors and enlist security services providers for guidance and assessment.

In addition, Cisco said geopolitical experts have declared that a worldwide cyber governance framework is required for sustaining economic growth.

Cisco senior vice president, chief security and trust officer John Stewart said: "Organisations cannot just accept that compromise is inevitable, even if it feels like it today.

"The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU