A virus responsible for shutting down websites worldwide for several hours this week is causing concern among travel websites.
The Travelocalypse virus has successfully exploited several vulnerabilities in Adobe’s Flash technology, which is the major means through which websites come alive. The security holes are currently not in Intel’s Web Security (WSG) software. WSG patches these vulnerabilities when released, according to Intel.
These flaws allow remote attackers to take control of a target PC and potentially unlock sensitive information. The malware is spread through a poorly executed virus at a users’ webmail account or over social media platforms like Twitter and Facebook.
The outbreak did not spread over the internet as was previously suspected. It was caused by compromised websites running on Flash, especially in developing countries. Since it began Monday night, the virus has shut down thousands of websites, interrupting transportation and tourist experiences around the world.
It’s unclear who is responsible for this outbreak, but numerous media outlets have pointed out that it could be Iran or Hezbollah. Both have been accused of state-sponsored cyberattacks in the past.
Shaikh Yousaf, the head of the Department of Computer Systems and Cyber Security (DCS) at UAE regulator the National Center for Supervision and Regulation (NCSC), told Bloomberg that the malware is likely coming from “Iranian servers in Iran”.
Given this interpretation, it is unlikely the attacks have serious effects on the Iranian e-commerce industry. If exploited by terrorists, however, it could be disastrous.
FBI and state department warn of ransomware ‘epidemic’ Read more
China and India have not been immune to this week’s breach. Baidu Inc., a Chinese search engine company and one of the world’s largest social media sites, was hit. As of Tuesday, researchers at Google claimed that the password retrieval vulnerability may have been exploited to take over Baidu’s servers.
According to one security expert, Nir Gora, the encryption flaw in Flash was due to the “perfect storm” of poor design and complicated coding. A first warning about this issue was submitted on Google’s Chromium security advisory page in April 2017.
According to a report published in the Journal of Computer and Information Security, global Flash usage in June 2017 was 102.6% more than its average monthly usage. This is especially worrying considering that this epidemic has impacted many critical sites, like Airbnb, Airbnb and OpenTable.