So it's Monday, which means it's time for this week's first cyber attack report! This one is a doozey in terms of scale, because it uses Yahoo's properties, which see nearly 7 billion visits per month. The method of the attack is nothing new: Bad actors place ads via Yahoo's network, and the ads direct users to sites that have been compromised and set up to serve malware.
According to initial reports, the attack is based on the Angler Exploit Kit which exploits vulnerabilities in...wait for it...Flash! Those who visit the compromised sites can find themselves with a variety of troubles, including ransomware that locks them out of their computer until they pay a ransom. That'll teach you to go to Yahoo Sports in the morning for yesterday's scores...
So, if you are still running Flash on your system – and apparently, a lot of people are, and attackers know it – you have a few choices:
- Disable Flash on your endpoints. This can be like cutting off your fingers to avoid getting splinters, but if the splinters are bad enough, maybe it's what you need to do.
- Isolate your Web traffic so that malicious content never reaches your endpoint. The Menlo Security Isolation Platform does that.
- Continue browsing the Web with Flash enabled and hope you dodge the inevitable bullet.
The inconvenient truth about the Web is that it's dangerous and it's not the kind of place you should go without effective protection. There's no way to stop cyber criminals from attacking, and there's no way to detect and stop all of their attacks. The only way to be safe is to execute all Web content away from your endpoint so it can't do harm even if it's malicious. That's what isolation security is all about, and it seems pretty clear that its time has come.