Over the past two years, we’ve documented how Flash has increasingly served as a conduit for nefarious cyber-criminals to hack into your computer, smartphone, or tablet device. Even with the growth of HTML5, and its superior technology and security, Flash still sees wide use among digital advertisers, online video purveyors, and older speed test providers. Now, a newer online threat — ransomware — is taking advantage of Flash to trick unwary users into spending cash to “fix” their hacked device.
Adobe even released an emergency update to Flash aimed at thwarting this exploit. Do you need to worry about Flash giving hackers yet another way to invade your computer? Here’s a closer look at the details.
Ransomware is Simply another Type of Malware
Ransomware is similar to other types of malware, where a hacker takes advantage of a vulnerability in software — in this case Flash running on a webpage — to install a nefarious program to any computer. The user is typically confronted with a screen claiming their computer’s contents are encrypted and they need to make an online payment to release their system. This form of malware extortion has grown in the past couple years, a trend noted by Ryan Kalember, ProofPoint’s Senior VP of Cybersecurity Strategy:
“Organizations of all sizes are being targeted, with broad-based email campaigns — sometimes over 10 million messages in a day — malicious Web advertisements, and even malicious mobile apps. In general, ransomware targets Windows more often than other operating systems, but recent examples of ransomware have been found up for Mac OS X, which was taken down immediately, and Android.”
This latest Flash vulnerability affected the version of the program for desktop operating systems, including Windows, Mac OS X, Chrome, and Linux. For now, Android owners were spared — if any of them still use Flash on a mobile device. Adobe released an emergency security patch for Flash earlier in April.
When Running an Internet Speed Test — Don’t use Flash!
If you are worried about ransomware taking control of your computer, it is important to keep Flash turned off in your desktop browser even if you even still have it installed. Currently, more and more websites are using safer HTML5 technology to provide a robust and interactive web experience. If you encounter a website with Flash-based content, you can temporarily turn on the plug-in for that specific web page.
These days, running Internet speed tests in Flash is almost like using a rotary phone. There simply is no reason when a superior HTML5 speed test exists, giving you more meaningful test results, with no worries of a malware infection as part of the process.