What is a Hackers Favorite Target?

What is currently the number one target for hackers? According to Computerworld, it’s Adobe products. Adobe Flash player and Adobe Reader are the specific targets of choice.

According to Finnish antivirus company F-Secure, 61% of all targeted attacks — ones purposefully aimed at specific individuals or businesses to break into company networks — in the first two months of 2010 exploited a bug in Reader. Rival security firm McAfee, meanwhile, estimated that 28% of all exploit-carrying malware in the first quarter of this year leveraged a Reader vulnerability.

When Brad Arkin, Adobe’s Director for Product Security was asked about this, he said, “We’re in the security spotlight right now, There’s no denying that the security community is really focused on ubiquitous third-party products like ours. We’re cross-platform, on all these different kinds of devices, so yes, we’re in the spotlight.”

Adobe is working on closing these holes and focusing on writing more secure code. Also, Adobe appreciates the fact that the security community is helping out by reporting zero day vulnerabilities. “We’re thrilled when someone shares [vulnerability] information with us responsibly. That’s one less potential vulnerability that could be used by the bad guys.”, Arkin said.

Hackers usually go after the most popular programs, so they can attack a large number of machines. This is why Microsoft and now Adobe are prime targets. Microsoft has changed its focus to being more security conscious and it looks like Adobe is following suit. Just like Microsoft updates, it is important to keep your Adobe products updated. Also, If you are using an old version of Reader or Flash Player, it would be a good idea to upgrade to the latest version. Both are available for free on Adobe’s website.

12 thoughts on “What is a Hackers Favorite Target?”

  1. Is the Adobe reader exploit similar to the one where scripts could be initiated from downloaded docs? I remember having to change some settings for that one. Sneaky buggers aren’t they?

    1. I remember that one too, I think the script exploit one was found by a security guy and reported, I think, I couldn’t find the source. 😦

      Trendmicro’s blog has a list of some of the Adobe exploits. Crazy stuff… You need Windows updates, Anti-virus updates, Adobe updates, so many holes, so few band-aids… Makes you kinda feel like the Dutch boy who plugged the hole in the dam with his finger…

      1. We won’t make any progress until people start realizing that we need to stop treating the symptoms and start working toward curing the disease – and by disease, I don’t mean the hackers. 😉

    1. It could be companies writing buggy code, but I think the biggest disease is the loose connection between the seat and the keyboard!

    2. It’s a disease of the mind. People are unable to see the truth about the current situation (hacking and security) and so they continue to chase their tail (spend money, time and effort) in hopes that one day they will catch it (make computing secure). If people put their critical thinking cap on, they will realize that we are going about solving the hacking problem in the wrong way. But until everyone sees the truth, we will continue to use band-aids.

      Think about it this way: The world was once flat, the universe used to revolve around the earth – and people once believed computing could be made secure by developing complicated and unmanageable security products that are ineffective against unknown threats. Wait a second… people still believe that last part.

      1. So, as always, people are the weakest link in the system. I have to say, I am having a really hard time thinking of anything that has so fundamentally altered the daily lives of people, while at the same time being a complete mystery to the vast majority of the very people whose lives have been affected.
        While the understanding of computers networks among the people has definitely expanded, for most it seems to remain a magic little box the pulls what ever the user wants out of air…

    3. I agree, also the problem I see is that our network guys are being trainined that if they follow steps A,B and C, then the network is secured. Some literally go down a checksheet when installing a new system, then put it in place, make sure that it is set to get updates automatically, then never touch or check up on the machine again. If the checklist says it is secure, then it’s got to be secure.

      Hackers don’t use checklists. They think out of the box. They look for targets of opportunity. They have even been known to break into a place and walk out the door with a server that had a firewall they couldn’t penetrate. Or just simply impersonated a tech support person and asked for passwords. It is a totally different mind set.

Leave a Reply to D. Dieterle Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.