
SandBlast Protects Against Flash Zero-Day Vulnerability

In recent days, a critical Adobe Flash zero-day vulnerability has been found being exploited in the wild. The attacks are reportedly distributed by embedding malicious Flash objects in Microsoft Excel documents. A successful infection allows the responsible hacking group to take full control of the infected machine. When the Flash object is triggered, it installs ROKRAT, a remote administration tool.

 

Adobe is planning to address this vulnerability and release a patch in the week starting February 5th.

 

Fortunately, Check Point SandBlast customers are already protected with multilayer protection that effectively blocks the zero-day attack both on the network and endpoint. SandBlast is able to detect and prevent the attack without relying on signatures and without any prior knowledge of the vulnerability.

 

While SandBlast customers are protected, other organizations remain at risk until an Adobe patch is released and the patch is applied to all endpoints.

 

How Does SandBlast Protect You?

SandBlast, Check Point’s multilayered security technology, provides protection against advanced and zero-day cyber threats.

 

The following SandBlast technologies prevent this attack:

 

 

 

Each of these three protections is able to independently prevent this attack without relying on signatures.

 

Threat Extraction and Threat Emulation are available both as a network protection and as an endpoint protection. Anti-Exploit is exclusive to our advanced endpoint protection.

 

In addition, now that signatures are available, we have also released an IPS protection.

 

Wasn’t Flash Supposed to Be Dead?

Well, not exactly. There has been a great deal of industry conversation around eradicating Adobe Flash and removing it from all web browsers. Unfortunately, it’s a long road and we’re not quite there yet. As others have noted, Flash is here to stay for a few more years, and as long as users have Flash installed, they remain vulnerable, and attackers know this.

 

Malicious Flash continues to be used extensively by threat actors, primarily through exploit kits, in attempts to compromise end-user systems. In December 2017 alone, Check Point’s Threat Emulation cloud service detected over 25,000 unique malicious Flash objects being served to web users.

 

With Flash attacks still raging and Flash zero-days exploited in the wild, it is crucial that you have a solution in place that will prevent the next Flash zero-day attack.
