Adobe breach 'very serious'

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 07 Oct 2013
Affected customers should keep a close eye out on their bank accounts for any fraudulent activity over the next few weeks.

Last week's theft of source code for an unconfirmed number of Adobe products, including Adobe Acrobat and ColdFusion, poses a huge threat, given that Adobe software is installed on millions of computers around the world.

In an announcement on 3 October, Adobe CSO Brad Arkin described the recent attacks on Adobe's network as sophisticated, and said they involved "the illegal access of customer information, as well as source code for numerous Adobe products".

Some three million customer credit card records were accessed, and login data from an undetermined number of Adobe user accounts was stolen.

However, Arkin says all the credit card numbers were encrypted and no decrypted credit card numbers left its network. Even so, Adobe has begun notifying affected customers that they should change their passwords.

He said breaches are "one of the unfortunate realities of doing business today" and added that the popularity of Adobe's products has seen the brand attracting more and more attention from cyber crooks.

How bad is bad?

Adam Hollins, project manager at Telspace Systems, says the breach is very serious. "When hackers have access to information such as source code, it enables them to identify software vulnerabilities and create custom exploits. It's very dangerous from a security point of view."

He adds that the scale of the attack depends on exactly what source code was stolen, since it could make thousands of Web servers vulnerable and therefore, potentially millions of end-users too.

Having access to the source code also means attackers can more easily identify vulnerabilities in the code, and create counterfeit versions of the software. "If the bad guys have access to an environment to build software that looks like 'official' versions of the software that was stolen, not only are they creating counterfeit versions of the software, but they can also place backdoors and Trojans in this copy."

However, Hollins says this is not an easy process and would be time-consuming.

Another danger is that the source code could be sold to a third party. "There is always a buyer out there for someone selling software source code such as this and most definitely for the databases that were compromised during the breach."

Mitigation

In another blog posting, Arkin says that although Adobe is unaware of any zero-day exploits targeting any Adobe products, it recommends users only run supported versions of the software. He also advised users to apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide.

In addition, Arkin recommends that affected users change their passwords on any Web site where they may have used the same user ID and password.

"These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products."

Hollins says any affected Adobe customers should keep a close eye out on their bank accounts for any fraudulent activity over the next few weeks. "If you were affected via the breach by having your information stolen, Adobe should also be sending out an e-mail to you shortly. In terms of the stolen source code, just be vigilant and make sure precautions are taken before opening any random Web sites and documentation."

Adobe added that it is offering customers whose credit or debit card information was compromised the option of enrolling in a one-year complimentary credit monitoring membership where available.