Exploits: What are they and how do they work?

We are constantly talking about vulnerabilities and exploits in IT security news, but for a lot of users these concepts might still be a little unclear. That’s why we decided to write this article and clear up any confusion you might have on the topic.

First off, what is an exploit?

The standard definition refers to a program or some code that takes advantage of a security hole (i.e. a vulnerability) in an application or system, so that an attacker can use it for their benefit.

Translating this into a real-life situation, it is as if a padlock (the system or application) had a design flaw that allows people to make a key to open it (the exploit) and get into the place it is supposed to be protecting, where they can then carry out criminal acts (the malware).

There is some confusion among users, and a myth that an exploit can be considered malware. In actual fact, as we saw in the example, an exploit is not malicious code in itself, but rather the key that allows that code to work.

In this way, by taking advantage of a vulnerability, the exploit gives the malicious code the permissions it needs to execute on the system and infect it.

Types of exploits

There are two basic types of exploits: known and unknown (a.k.a. 0-day). Known exploits are those we have a record of and can take measures against. They tend to be the ones that appear in most security news, and several new ones appear every day—and the same can be said of the vulnerabilities they try to exploit.

For this reason, it’s important to stay informed about which vulnerabilities are being taken advantage of by exploits and check that all your systems and applications are up to date and, if there isn’t an update available, apply techniques that might help mitigate any threats.

Our blog is a good source of constantly updated information about flaws and their corresponding patches, although there are also websites that specialize in identifying and informing people about the new ones appearing on a daily basis, such as Exploit Database.

However, we also mentioned unknown exploits, or 0-days, which we often see mentioned in security news. These are used on vulnerabilities that have not yet been reported to the general public and they therefore present a serious threat, especially if used in attacks directed at companies or governments.

When these are used, there usually aren’t any measures in place that can block the malware taking advantage of them, which makes them practically undetectable. For this reason, they are highly valued by criminals, since they enable them to steal important information from companies or governments or, in extreme cases, to attack certain critical infrastructures.

Common use of exploits

Criminals frequently use exploits to help their threats infect a large number of systems. In recent years, we’ve seen threats taking advantage of vulnerabilities in Java products and Adobe software.

One example of exploits being used on a massive scale is ransomware, also known as the “police virus”. In successive variants appearing since 2011, we’ve seen criminals take advantage of vulnerabilities in Java and in Windows 2003 to infect systems and demand a ransom from users for their stored data—which this malware encrypts so that it can’t be recovered.

Protective measures

Once we have learned what exploits are and how they work, we can adopt a series of measures to prevent them from being used to infect systems:

  • Keep all of your applications and systems up to date: bearing in mind that exploits take advantage of security holes, it is vital to close them as soon as possible. To do so, maintain an effective update policy so that you don’t leave open a window of opportunity that attackers could exploit.
  • Mitigate the effects of any exploits used against us. It might be the case that the manufacturer of the vulnerable system or application has not yet released an update that resolves the problem. If so, you can use tools like the Enhanced Mitigation Experience Toolkit (EMET) for Windows. This will help prevent your system from becoming infected until a definitive solution appears.
  • Install an advanced security solution like ESET Smart Security, capable of detecting and blocking exploits that are designed to take advantage of vulnerabilities in web browsers, PDF readers, and other programs.

Conclusion

Exploits are often the starting point of threats and attacks, so it’s important to take them into account and know how to protect yourself by applying the security measures we have suggested in this article. This way, you will minimize the risks and prevent your systems and confidential information from falling into the wrong hands.

Image credits: ©DVIDSHUB/Flickr

Author , ESET

Copyright © 2016 ESET, All Rights Reserved.