Hacking The Adobe Breach

Published: 22/11/2024   Category: security




Financially motivated attackers could abuse stolen source code for broader attacks



At first glance, the massive breach at Adobe that was revealed last week doesn't neatly fit the profile of a pure cybercrime attack: not only did the bad guys steal customer data and payment card information from the software company, but they also nabbed the source code for Adobe's ColdFusion, Acrobat, and Reader software.
It's still unclear just how the attackers got Adobe's customer data and its source code, and what, if anything, they have done to tamper with the source code for fraud purposes. But what is clear is that the attackers either purposely or inadvertently accessed both Adobe's valuable customer financial data and its intellectual property -- netting themselves multiple avenues for making money.
"These guys were financially oriented," says Alex Holden, CISO at Hold Security, who, along with Brian Krebs of KrebsOnSecurity, discovered the 40 gigabytes of Adobe source code on the same server as the stolen data from LexisNexis, Dun & Bradstreet, Kroll, and others. "Whether they had access to the source code first ... it remains to be seen."
Adobe late Thursday revealed that it had suffered massive, sophisticated attacks on its network that resulted in the theft of sensitive information, including payment card information on 2.9 million customers, as well as source code for multiple Adobe software products, including Adobe Acrobat, ColdFusion, ColdFusion Builder, and other Adobe software. Brad Arkin, chief security officer of Adobe, said the attacks may be related.
Hold Security's Holden says the attackers appear to have had the stolen data in their possession for at least two months. He says one of his biggest worries is that a zero-day attack may be under way against Adobe applications that hasn't yet been spotted. "They might have attacked high-level targets. That's an extremely disturbing and scary thought," Holden says.
Cybercriminals typically try to quickly cash in on stolen payment card information or user credentials. While the stolen Adobe customer payment card data was encrypted, according to Adobe, it's possible the attackers were able to glean the encryption keys or crack the crypto, depending on its strength and implementation, security experts say.
The attackers could monetize the source code by finding and selling exploits for Adobe apps, for instance, experts say. Or they could just keep the exploits for themselves to use in more widespread future attacks.
"If you're going after Adobe or any company, you're going to go after information you can monetize quickly, but also if you find some really good zero-days in Adobe Reader or ColdFusion, that might just lead to future attacks across several customers," says Benjamin Johnson, CTO of Carbon Black. "Everyone has Adobe ... it's such a huge surface area to target."
Exploit sales are lucrative, to the tune of tens of thousands of dollars for an Adobe app, for example. "The source code is the money-making stuff -- it helps you find the vulnerabilities in Adobe products. For example, a single zero-day exploit for Adobe Reader can be worth $50,000 in the black market," says Timo Hirvonen, senior researcher at F-Secure.
Leveraging Adobe's source code would provide the attackers with a more efficient way to steal information. "In the past, it was so easy for [cybercriminals] to do spree attacks -- you could get millions of people through phishing and keyloggers," says Dan Hubbard, CTO of OpenDNS. "But now it looks more sophisticated, and they are doing things that are more planned, so instead of going after the client and human element, they are going at some of the weaknesses in the infrastructure and pulling data back and figuring out what to do ... It's definitely an interesting change in operations."
If the worst-case scenario becomes reality and the attackers actually poisoned the Adobe source code and then distributed it to Adobe customers, then the software firm was more of a means to an end for the attackers. "If indeed the source code stolen pertains to ColdFusion and Acrobat, this could leave thousands of Web servers open to at-will compromise and make it easier to compromise end-user systems. This breach is a chilling reminder that all software companies should be on guard, as they, too, could be a stepping stone to other targets," says Chris Petersen, CTO and co-founder of LogRhythm.
[Today's reality that you can't stop all cyberattacks means security teams must double down on smarter detection of threats and attacks rather than the traditional approach of mainly trying to prevent them. See CISO Shares Strategies For Surviving The Inevitability Of Attacks.]
It may be some time before the full picture of the Adobe attack emerges -- if it does at all. Security experts say if it indeed took Adobe up to six weeks to notice the attack, the software company is at a disadvantage from the start. "That's a head start the bad guys had," Johnson says. The key is always quick detection to mitigate the damage, experts say.
Bala Venkat, chief marketing officer of application security vendor Cenzic, agrees. "From the investigations underway, it appears this breach at Adobe actually started sometime in August and continued into late September. Such a delayed detection and response mechanism is especially alarming. Organizations must ensure a continuous security monitoring process across all of their production applications is in place to detect and report on vulnerabilities in real time when a breach occurs. If this policy is enforced with rigor, such breaches could have been contained and the damage minimized much faster and more effectively."
Another concern is whether the attackers already have made inroads in targeting Adobe's customers. "One of my concerns is the lateral movement within the customer base," Carbon Black's Johnson says, where the attackers already have phished Adobe customers to steal information.
"It's going to be a while until we know the full ramifications of this," he says.
And Adobe is not the last victim of this cybercrime gang: Security experts say to expect further revelations of other organizations that were hit.
