On the question “update now or later?”, make no mistake: the best option is to update now. Whether it is the operating system, PDF Acrobat Reader, Adobe Flash Player, or whatever other application you may use, if you care at all about your privacy in cyberspace, update it. “Updating is the keyword to ensure the security of your data,” says Arie Halpern. The reason, of course, is to have the latest version of the program, presumably more modern and safer because it brings fixes for the vulnerabilities detected by the technicians. That is how the suggestion to update reaches the user.
However, a cybercriminal reacts in the diametrically opposite way. For him, the update file distributed by the manufacturer carries valuable information about flaws in the program that he can use to break into a system and steal information. Working in his favor, Arie Halpern suggests, are the users’ indifference, laziness, ignorance and slowness in installing the updates that will eliminate those vulnerabilities. So he acts fast to take advantage of the situation while not all the doors and windows are locked yet.
Trust me, these attacks may start less than two hours after the manufacturer discloses the flaws that are being corrected. That is what happened, according to security firm Trustwave, with the Joomla content management system (CMS). Another similar and very popular system, WordPress, is among the favorite targets of attackers. And the criminals’ work is made much easier by the slowness with which applications are updated. According to data from Trustwave’s Global Security Report 2016, a large-scale attack against the system exploiting the flaws of a popular plugin known as Slider Revolution began eight months after the distribution of updates. It is estimated that more than 100,000 sites were compromised, and many users have not updated their systems to this day. These attacks alone represented 48% of all attacks on Web servers cataloged by Trustwave in 2015.
Not everything is handed to the cyber pirates on a silver platter. Often, they discover the weaknesses in the programs earlier than the manufacturers do. These are rare, more specific and more serious cases. The invaders then have the advantage of acting freely before being identified. This is what the specialists call a zero-day. In 2015, according to the report from Trustwave, 21 cases of zero-day vulnerabilities were recorded, eight of them relating to the Adobe Flash Player. Most of the attacks, however, exploit the users’ oversights. To get an idea of how careless we are, the password most used by internet surfers is “Password1”. In the name of security, it is better to choose a safer password and always update it.