Hackers have been able to exploit a number of flaws in Adobe’s Flash tool. Exploits for these flaws can be embedded in advertisements that run on popular (but highly insecure) websites like Facebook. We say these sites are insecure because Facebook makes its revenue from advertising. They have very little incentive to check the ads for content, as they are more inclined to let virtually all ads onto their pages to maximize revenue. The same can be said of sites like MSN and Hotmail/Outlook.com, which emphasize ad revenues.
More details on the exploits and how they behave:
How Erickson Solutions Group recommends you protect yourself and the systems in your company from these browser Flash-based ad attacks:
- Whenever possible, avoid using Facebook, MSN, etc. while at work.
- If you must visit these sites, we recommend doing so from Google Chrome (set as your default browser) since Chrome has shown the highest resistance to these Flash-based attacks.
- To further strengthen the protections in Chrome, we recommend you disable the Flash auto-play feature. This will cause all those annoying auto-play videos and ads to cease; they are replaced by a little puzzle-piece icon which you can click if you decide to enable/watch them. To disable the auto-play feature:
  - In Chrome, click on Settings (upper right corner)
  - Click Advanced (typically at the bottom of the list)
  - Click the Content Settings button
  - Look for the Plug-ins section and change the setting to “click to play”
- Be sure to protect your systems with a strong anti-virus/anti-malware tool like Symantec.cloud which helps protect against even these hard-to-stop zero-day attacks by recognizing patterns and blocking malicious access attempts.
As always, please contact us at ESG if you need advice implementing any of these recommendations!