After researchers discovered a security flaw that was used to deliver ransomware to Windows PCs, Adobe issued an emergency update to its widely used Flash software on Thursday.
Adobe urged more than 1 billion Flash users on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible after security researchers said the vulnerability was being exploited in “drive-by” attacks that infect computers with ransomware when tainted websites are visited. Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.
Trend Micro Inc., Japanese security software maker, said it warned Adobe about attackers exploiting the flaw to infect computers with a type of ransomware known as ‘Cerber’ as early as March 31. Cerber “has a ‘voice’ tactic that reads a ransom note to create a sense of urgency and stir users to pay,” Trend Micro said on its blog.
Adobe’s new patch fixes a previously unknown security flaw. Such vulnerabilities, known as “zero days,” are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cyber criminals who tend to use widely known bugs for their attacks.
Why Windows Update is Not Enough
The severity of the attack is a reminder to IT managers that patching is essential. An effective patch management process can proactively close the holes that are so often used by hackers to gain access to data.
“We released this update immediately,” says Jonathan Cassell, solutions architect at Verismic Software. “With Syxsense, it’s easy to push out patches on demand or even on a recurring maintenance window to ensure all devices stay up to date.”
Whether you use an antivirus solution or WIndows Updates, you are not protected from a security breach. Adding an effective patch management strategy is the key to keeping your data and your company safe from cyberattacks and running efficiently. Avoid a doomsday scenario with proper patching, so your company won’t be left with a crippled infrastructure exposed to unnecessary risk.