An exploit is a code that takes advantage of a software vulnerability or security flaw. It is written either by security researchers as a proof-of-concept threat or by malicious actors for use in their operations. When used, exploits allow an intruder to remotely access a network and gain elevated privileges, or move deeper into the network.
In some cases, an exploit can be used as part of a multi-component attack. Instead of using a malicious file, the exploit may instead drop another malware, which can include backdoor Trojans and spyware that can steal user information from the infected systems.
Zero-Day Exploits and Exploit Kits
Based on popular usage of exploit terms, an exploit is referred to as a zero-day exploit when it is used to attack a vulnerability that has been identified but not yet patched, also known as a zero-day vulnerability.
Exploits are often incorporated into malware, allowing them to propagate and run intricate routines on vulnerable computers. Exploit kits are popular in the cybercriminal underground because they provide management consoles, an array of exploits that target different applications, and several add-on functions that make it easier to launch an attack. They were first offered in the Russian underground in 2006.
Evolution of Exploits
2006 and earlier
The Blaster worm was used to exploit network vulnerabilities in 2003.
Bot worms were the quickest to adapt to newly published exploits.
Windows Metafile vulnerability (WMF) marked the trend of using exploits targeting client-side vulnerabilities to drop malware into vulnerable systems.
Exploits were designed to target software vulnerabilities in widely used applications, e.g. multimedia players, office applications, and security programs.
Cybercriminals sought out vulnerabilities to exploit using automated tools that targeted poorly configured pages and sites.
SQL injection, cross-site scripting, and other web application vulnerabilities became prevalent.
Customized attacks were widespread, targeting multiple but specific platforms. Cybercriminals made browser and OS detections part of attacks and allowed exploits to run on targeted platforms.
Cybercriminals targeted vulnerabilities in mobile apps.
Compromised websites and drive-by attacks became prevalent.
Stuxnet used vulnerability exploits as part of its routine against SCADA systems.
Mass SQL injection attacks targeted millions of web pages, including ASP.NET sites.
Several novelty apps were found exploiting mobile vulnerabilities.
Cybercriminals refined the Blackhole Exploit Kit, which was used in a number of phishing campaigns.
Java became the most targeted program by exploit kits, moving the information security industry to push to reduce its use.
“Retired” software or those that no longer received support from their vendors were ripe exploit targets in 2013, hitting Plesk software older than Parallels Plesk Panel 9.5 and Java 6.
Several vulnerabilities in open-source environments were uncovered, including Shellshock, Heartbleed, and Poodle
The Hacking Team breach resulted in the discovery of several zero-day vulnerabilities in Adobe, Windows, and Java.
These same vulnerable platforms were also targeted using other zero-days in Pawn Storm—a long-running cyberespionage campaign we’ve been monitoring since 2014.
Cybercriminals and security researchers discovered exploits in smart devices, such as cars, toys, and home security systems.
Virtual patching is one of the most recommended mitigation solutions for enterprises. Virtual patching works on the premise that exploits take a definable path to and from an application in order to use a software flaw. It is, therefore, possible to create rules at the network layer that can control communication with a target software. By scanning traffic for protocols used, you can, to a certain extent, prevent exploits from doing what they set out to do.
Related terms:Exploit kit, zero-day exploit, cookies, hacking, vulnerability, virtual patching, SQL injection, cross-side scripting, Internet of Things