× Business BUSINESS MOTORING SHIPPING & LOGISTICS DR PESA FINANCIAL STANDARD Digital News Videos Health & Science Lifestyle Opinion Education Columnists Moi Cabinets Arts & Culture Fact Check Podcasts E-Paper Lifestyle & Entertainment Nairobian Entertainment Eve Woman Travelog TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS

Software flaws used in hacking more than double, setting record

By Reuters | April 12th 2016

The number of previously unknown software flaws used by hackers more than doubled last year, a new report says, in another sign of the increasing sophistication of cybercrime and online espionage.

Secret vulnerabilities in computer programs are especially prized by criminal gangs, law enforcement and spies because software vendors have not been warned and so cannot publish fixes.

In 2015, 54 such holes came to light and were deployed by hackers, according to a report published on Monday by the largest security software vendor, Symantec Corp. That is up dramatically from 24 the year before and 23 the year before that; the next-highest total over the past 10 years was 15 in 2007.

Symantec’s total of “zero-day” or unknown vulnerabilities includes both flaws that were discovered because they were used by top-flight hackers who left tracks and those that were revealed to the public at the same time as the software maker.

In 2015, electronic files named "Hacking Team" were dumped on the Internet, including six zero-days that criminals quickly made use of.

Thousands of other flaws were identified as usual last year by vendors, outside researchers, and government agencies. The vendors develop and issue patches, either announcing the flaws or pointing to them by virtue of the fixes.

Since criminals and others immediately take advantage of flaws to reach into unfixed machines, users must patch rapidly and completely or face being hacked.

Though most attacks happen because of inadequate patching, the rapid spread of new flaws through “exploit kits” sold in underground forums has allowed zero-days to be obtained by more people, including those installing ransomware and programs for stealing financial logins.

Four of the five most-used zero-day vulnerabilities last year were in Adobe Systems Inc’s Flash software, which can be used as a standalone program or a plug-in for various Web browsers, not all of which automatically update with Flash patches. Symantec said it expected Flash to become less popular as platforms stop supporting it, making it less of a bonanza for hackers.

Adobe said it had improved its security response. “Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, is a target of malicious hackers,” the company said via email.

“With regards to zero-days, we’ve been able to expedite the patching process to just days.”

Share this story
Streaming revenues ride to the rescue of global music earnings
A massive rise in earnings from streaming services helped reverse almost 20 years of declining global music revenues last year as money from digital formats overtook physical sales for the first time, trade association IFPI said on Tuesday.
Survey: Why 40 pc of workers want to quit their jobs
More than half of 18 to 25 year-olds in the workforce are considering quitting their job. And they are not the only ones.