When Adobe last week issued an advisory about a dangerous zero-day attack based on an unpatched Adobe Reader vulnerability that was being exploited in the wild to try to seize control of both PCs and Macs, it credited Lockheed Martin for sounding the alarm about it.
It's not the first time Lockheed Martin is known to have come under cyberattack: in May, as we learned this year, it was targeted in connection with the RSA SecurID-related advanced persistent threat. But this week Lockheed Martin, perhaps a modern-day version of Paul Revere, has done a huge public good by coming forward with reliable information. Once again, U.S. defense contractors are being targeted.
"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe states in its Dec. 6 advisory.
However, Adobe said it may not be able to issue all the necessary patches for Adobe Reader 9.x and Acrobat 9.x for Windows until the week of Dec. 12. For Adobe Reader X and Adobe Acrobat X for Windows, Adobe states, "Adobe Reader X Protected Mode and Adobe Acrobat X Protected Mode would prevent an exploit of this kind from executing," and so Adobe is currently planning to address the issue in those versions in the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for Jan. 10, 2012. The Mac versions, as well as Adobe Reader 9.x for Unix, would also be part of the Jan. 10, 2012, scheduled update, according to the Adobe advisory.
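Because Adobe's decision to defer the Reader X and Acrobat X fixes rests on Protected Mode, a Windows administrator would want to confirm two things before relying on that schedule: which Reader generation is actually installed (9.x has no sandbox and needs the out-of-band patch) and that Protected Mode has not been switched off by the user or by a lockdown policy. The PowerShell audit below is an added example, not code from the article, from Adobe or from Lockheed Martin. The registry locations it reads (HKLM\SOFTWARE\Adobe\Acrobat Reader subkeys for installed major versions, HKCU\Software\Adobe\Acrobat Reader\10.0\Privileged\bProtectedMode for the per-user setting, and HKLM\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown\bProtectedMode for the policy override) are assumptions drawn from Adobe's Reader X administration documentation as I understand it, and the treatment of a missing value as "default on" is likewise an assumption; verify both against the build in use.

```powershell
# Added example: audit installed Adobe Reader versions and the Reader X
# Protected Mode setting. Registry paths are assumptions based on Adobe's
# Reader X administration documentation; confirm them for your build.

$readerRoots = @(
    'HKLM:\SOFTWARE\Adobe\Acrobat Reader',
    'HKLM:\SOFTWARE\Wow6432Node\Adobe\Acrobat Reader'   # 32-bit Reader on 64-bit Windows
)

# Subkey names such as "9.0" or "10.0" identify the installed major version(s).
$installed = foreach ($root in $readerRoots) {
    if (Test-Path $root) {
        Get-ChildItem -Path $root | ForEach-Object { $_.PSChildName }
    }
}
$installed = @($installed | Sort-Object -Unique)

if ($installed.Count -eq 0) {
    Write-Output 'Adobe Reader not found in the registry.'
    return
}

foreach ($ver in $installed) {
    if ($ver -like '9.*') {
        # Reader 9.x has no Protected Mode; only the out-of-band patch closes the hole.
        Write-Output "Reader $ver installed: no sandbox, out-of-band patch required"
        continue
    }
    if ($ver -notlike '10.*') {
        Write-Output "Reader $ver installed: not covered by this check"
        continue
    }

    # Per-user setting (assumed): 1 = Protected Mode on, 0 = off.
    $userKey = "HKCU:\Software\Adobe\Acrobat Reader\$ver\Privileged"
    $userVal = (Get-ItemProperty -Path $userKey -Name bProtectedMode -ErrorAction SilentlyContinue).bProtectedMode

    # Machine policy (assumed): when present it overrides and locks the user setting.
    $policyKey = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ver\FeatureLockDown"
    $policyVal = (Get-ItemProperty -Path $policyKey -Name bProtectedMode -ErrorAction SilentlyContinue).bProtectedMode

    # Assumption: an absent value means Reader X's default, which is Protected Mode on.
    $effective = if ($null -ne $policyVal) { $policyVal }
                 elseif ($null -ne $userVal) { $userVal }
                 else { 1 }
    $source = if ($null -ne $policyVal) { 'policy' } elseif ($null -ne $userVal) { 'user' } else { 'default' }

    if ($effective -eq 1) {
        Write-Output "Reader $ver installed: Protected Mode ON ($source)"
    } else {
        # This is the case Adobe's January schedule does not cover: the sandbox is off,
        # so the machine is as exposed as a Reader 9.x install until the patch lands.
        Write-Warning "Reader $ver installed: Protected Mode OFF ($source); re-enable or isolate this host"
    }
}
```

Run it under the account whose Reader profile you care about, since the per-user value lives in HKCU; across a fleet, collect the results centrally and treat every "OFF" or 9.x line as an open item until the corresponding Adobe update is applied.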
"This is the changing face of what we're seeing. Adobe is not a security company. They're not built to release the patches right away," says Bradley Anstis, vice president of technical strategy at M86 Security. "But this is clearly a targeted attack as a zero-day."
Symantec, in its analysis of the threat, which it links to so-called Sykipot malware, says "the attacks have been long-running, persistent, and targeted, which leads us to believe that whoever is behind the attacks is after data that includes design, financial, manufacturing or strategic planning information. The use of multiple zero-day vulnerabilities over time and the long list of command and control servers also leads us to the conclusion that an organized, skilled group of attackers, not just a single individual, is behind the attacks."
A number of vendors, M86 Security among them, say their products detect zero-days through behavior-based rules that flag unusual software-behavior patterns and block the attack vectors. As for Lockheed Martin, the intended victim sounding the alarm, Anstis says, "It's a very good trend."

