Adobe cyber attack a wake-up call - security firm (Cape Town)

The hacker attack on Adobe Systems may increase the vulnerability of all computers running the company's software, a security firm has said.

Hackers hit Adobe a week ago and made off with source code along with credit card numbers relating to three million of its customers.

"The risk is elevated because the attackers can now analyse the stolen source code and identify vulnerabilities that were not known so far. They can then develop exploits for these vulnerabilities (zero days)," Ziv Mador director of Security Research at SpiderLabs told News24.

Trustwave division SpiderLabs specialises in penetration testing or ethical hacking.

Adobe moved quickly to reset customer passwords, but the risk of compromising a system running the software could dent the company's reputation.

Common malware

Mador said that the hack illustrated the risk that large corporations faced in terms of a growing cyber attack threat.

"It shows that even resourceful companies may be successfully targeted and breached. It emphasizes the need to take the necessary precautions and apply a comprehensive security policy to minimise the risk for such breaches."

Despite South Africa being a relatively low of the international hacker target list, there is already some common malware that is focused on local companies.

According to Kaspersky Lab, malware that spreads via infected flash drives are designed to steal personal and financial information.

"The Worm.Win32.Mabezat, a file infecting worm which spreads to new computers when accessing an infected drive (including USB thumbs) or file share from a computer that supports the auto-run feature," said Mohammad-Amin Hasbini, GreAt experts at Kaspersky.

It emerged recently that some hacker groups were hiring out their services to target companies for specific purposes that may include intellectual property theft.

"There is no doubt that these breaches are carried out by very technical hackers. However we do not know how they are being compensated and not even their exact motive," said Mador of the Adobe attack.

User data

Criminals generally target systems that may result in the highest return on the investment of time, and in SA, companies in economic hubs like Gauteng are the primary targets for cyber attack.

"Based on our research, Kaspersky Antivirus and Internet Security blocked more than 5.3 million network attacks and more than 70 000 malwares last year in South Africa, 65% of the threats were traced back to Gauteng," Kaspersky said.

The Protection of Personal Information (Popi) bill is set to become law in 2013 and this may have serious implications for companies that handle user data.

Firms could find themselves exposed to legal damages over and above the loss from a cyber attack if it can be shown that they did not take all reasonable measure to protect data.

Mador said that local enterprises should act to improve the security of critical data and networks.

"Companies in many parts of the world are being targeted and breached. It is expected that companies in SA could be targeted as well, as long as they have digital assets that are compelling for cybercriminals such as credit card information, detailed customer information or other desired intellectual property."