The news yesterday that Adobe had been compromised and that the attackers were able to get valid Adobe signatures on a pair of malware utilities is one of the more worrisome and troubling stories in what has become a year of huge hacks and historic change in the security industry. Adobe was forthcoming with many of the details of the attack, but the ones that were omitted are the ones that really make a difference in this instance.
As in most of these cases, what we know is mostly the results of the attack. We know that the attackers found a weak spot somewhere on Adobe's corporate infrastructure and found a way in. Adobe has not identified what the vulnerability was, where the compromised machine sat on its network or how the attackers were able to compromise it in the first place. Was it a phishing email, a la the RSA hack? Or was it something less pedestrian? We don't know.
We do know that once the attackers were inside, they began moving around until they found the machine that they were really interested in: a build server. They got there by using what Brad Arkin, Adobe's top security and privacy official, said were techniques typically seen from APT-style attackers.