Published on July 26th, 2019 📆 | 3241 Views ⚑

How To Help Protect Your Business From Exploits


Do you think you know what exploits are and how to guard against them? There’s a pervasive lack of understanding and awareness about exploits in general, and that leaves countless organizations at risk today.

Here’s a brief refresher on what exploits are and the harm they can cause. We’ll also take a look inside today’s profitable exploit marketplace, how exploit techniques are evolving and what you need to know to prevent cybercriminals from taking advantage of them to infiltrate your business.

Exploits 101

Exploits are defined as ways to take advantage of weaknesses in software, such as Adobe Flash and Microsoft Office, to infect computers for criminal purposes. They’re used by cybercriminals to penetrate an organization’s defenses.

Most cybercriminals are innovative and efficient, which has made exploit-based attacks a popular cybercrime business model. Easy to use and readily available on the dark web, exploit kits have long been an effective and lucrative profit engine for amateurs and fraudsters looking to make a quick, albeit illegal, cyber buck.

Remember the infamous WannaCry and NotPetya attacks from last year? Both attacks used the EternalBlue exploit, found in the Vault 7 hacker toolkit, to spread malware. What’s even more concerning is how widespread the use of this attack method is. In fact, in 90% of reported data breaches, an exploit is used at one or more points in the attack chain. And because popular apps change often, there are frequent opportunities to introduce a vulnerability just waiting to be exploited.

A Burgeoning Marketplace

It should come as no surprise that the exploit market is becoming a highly lucrative trade. Building off the concept of malware-as-a-service, the exploit kit landscape, often jokingly referred to as “crimeware-as-a-service,” is a large and growing marketplace. The exploit market exploded in 2017, with 14,646 software vulnerabilities reported in the National Vulnerability Database and 16,518 reported in 2018. If you think it’s only Windows and Windows-based applications you have to worry about, think again. Apple’s macOS and iOS and Linux-based systems like Android are rife with vulnerabilities.

The proliferation of exploits has been made possible by these exploit kits. Here’s how it works. Cybercriminals who specialize in exploit writing discover software vulnerabilities and package them into exploit kits to sell. Commercializing hacking tools and skills in this way broadens the pool of potential hackers to include those who are less skilled.

Cybercriminals’ objectives are diverse: stealing data, holding data for ransom, performing reconnaissance or using exploits as a way to deploy more traditional malware. Some of the most devastating attacks are aimed not just at endpoints, but at servers as well. Think of the wealth of mission-critical data held on servers: personally identifiable information (PII), financial records, customer data and shared applications, to name a few. Once a cybercriminal breaches the server, they can steal the data and sell or ransom it -- they even sell access to the server itself. No matter the approach, cybercriminals’ end goal is often the same: They want to make money.

But in order to keep making money, hackers have to keep raising the bar to evade protections. Cybercriminals can reach the most people with subscription-based services, which are constantly evolving and becoming more sophisticated. How can we keep up and continue to guard against hackers’ ever-changing techniques? The answer is remarkably simple: Practice good security hygiene and ensure you have predictive security measures.

Where do we go from here?

Since cybercriminals pack several exploits into each payload hoping that one will be successful, the best defense for organizations is to build their security strategies around a layered and predictive approach to protection. That means protecting in the face of the unknown: continuously learning from and proactively detecting ever-changing attacks, and staying diligent with security best practices, including performing frequent backups with encryption, using password managers and always creating unique, strong passwords. Additionally, it’s important to apply patches early and often, update endpoint protection and upgrade firewalls to interface directly with endpoint security.

Because there are only about two dozen techniques that can be used to exploit software, an effective protection strategy counteracts these techniques, instead of trying to counteract each and every exploit. The mitigations for specific exploit methods vary by vendor. Make sure employees have a fundamental understanding of prevalent exploits and vulnerabilities with ongoing security awareness training that is continuously updated to reflect the evolving threat landscape.

Given the vast majority of attacks are unique to the target, organizations can no longer afford to take a reactive approach to exploit protection. Proactively practicing predictive protection and overall good security hygiene along with employee training and awareness will help businesses stay one step ahead of today’s threat landscape.





Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.