We are constantly talking about vulnerabilities and exploits in IT security news, but for a lot of users these concepts might still be a little unclear. That’s why we decided to write this article and clear up any confusion you might have on the topic.
The standard definition of an exploit is a program or piece of code that takes advantage of a security hole (i.e. a vulnerability) in an application or system, so that an attacker can use that hole for their own benefit.
Translating this into a real-life situation, it is as if a padlock (the system or application) had a design flaw that allows people to make keys to open it (the exploit) and gain access to the place it is supposed to be protecting, where they can then carry out criminal acts (the malware).
There is some confusion among users, and a persistent myth, that an exploit can be considered malware. In actual fact, as we saw in the example, it is not malicious code in itself, but rather the key that allows that code to work.
In this way, by exploiting a vulnerability, it gives the malicious code the permissions it needs to run on a system and infect it.
There are two basic types of exploits that can be identified: known and unknown (a.k.a. 0-day). Known exploits are exploits we have a record of and which we can take measures against. They tend to be the ones that appear in most security news and several new ones appear every day—and the same can be said about the vulnerabilities they try to exploit.
For this reason, it’s important to stay informed about which vulnerabilities are being taken advantage of by exploits and check that all your systems and applications are up to date and, if there isn’t an update available, apply techniques that might help mitigate any threats.
Our blog is a good source of constantly updated information about flaws and their corresponding patches, although there are also websites that specialize in identifying and informing people about the new ones appearing on a daily basis, such as Exploit Database.
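A practical way to act on the advice above is to compare what is installed against the fixed versions that vulnerability advisories publish. The script below is an added illustration, not ESET's code or part of the original article; the advisory entries, identifiers and installed versions in it are constructed sample data, and real advisory feeds and software inventories would be substituted for them.

```python
"""Added illustration (not ESET's code): report installed software whose
version is below the fixed version listed in an advisory feed.

The inventory and the advisory list are constructed sample data; the
advisory identifiers are placeholders, not real CVE numbers.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Advisory:
    product: str
    fixed_in: str      # first version that contains the fix
    advisory_id: str   # placeholder identifier for the sample


# Constructed sample data standing in for a vulnerability feed.
SAMPLE_ADVISORIES: List[Advisory] = [
    Advisory("example-runtime", "7.51.0", "ADV-EXAMPLE-001"),
    Advisory("example-reader", "11.0.10", "ADV-EXAMPLE-002"),
    Advisory("example-office", "2.3.0", "ADV-EXAMPLE-003"),
]

# Constructed sample inventory: product -> installed version.
SAMPLE_INVENTORY: Dict[str, str] = {
    "example-runtime": "7.45.2",   # older than the fix -> exposed
    "example-reader": "11.0.10",   # exactly the fixed version -> patched
    "example-office": "2.10.1",    # newer than the fix (2.10 > 2.3 numerically)
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 2.10 sorts after 2.3.

    Plain string comparison gets this wrong ("2.10.1" < "2.3.0" as text),
    which is a common source of false "you are patched" results.
    """
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version is strictly older than the fixed one."""
    have, need = parse_version(installed), parse_version(fixed_in)
    width = max(len(have), len(need))
    # Pad with zeros so "1.2" and "1.2.0" compare as equal, not as older.
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def find_exposed(inventory: Dict[str, str],
                 advisories: List[Advisory]) -> List[Tuple[str, str, str, str]]:
    """Return (product, installed, fixed_in, advisory_id) for every unpatched product."""
    exposed = []
    for adv in advisories:
        installed = inventory.get(adv.product)
        if installed is None:
            continue  # product not installed, nothing to patch
        if is_vulnerable(installed, adv.fixed_in):
            exposed.append((adv.product, installed, adv.fixed_in, adv.advisory_id))
    return exposed


if __name__ == "__main__":
    for product, have, need, ref in find_exposed(SAMPLE_INVENTORY, SAMPLE_ADVISORIES):
        print(f"{product}: installed {have}, fixed in {need} ({ref})")
```

Run as-is it reports only example-runtime, because example-reader is already at the fixed version and example-office is newer than it. A product that appears in the output but has no update available yet is exactly the case the paragraph above describes, where mitigating measures have to stand in for the missing patch.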
However, we also mentioned unknown exploits, or 0-days, which we often see mentioned in security news. These are used on vulnerabilities that have not yet been reported to the general public and they therefore present a serious threat, especially if used in attacks directed at companies or governments.
When these are used, there don’t tend to be any measures that can be used to block the malware that takes advantage of them, and this makes them practically undetectable. For this reason, they are highly valued by criminals, since they enable them to steal important information from companies or governments or, in extreme cases, to attack certain critical infrastructures.
Criminals frequently use exploits to help their threats infect a large number of systems. In recent years, we have seen threats taking advantage of vulnerabilities in Java products and in Adobe software.
An example of malware that has used exploits on a massive scale is ransomware, also known as the “police virus”. In successive variants appearing since 2011, we have seen how criminals took advantage of vulnerabilities in Java and in Windows 2003 to infect systems and demand a ransom from users for their stored data, which this malware encrypts so it cannot be recovered.
Once we have learned what the exploits are and how they work, we can adopt a series of measures to prevent them from being used to infect systems:
Exploits are often the starting point of threats and attacks, so it’s important to take them into account and know how to protect yourself by applying the security measures we have suggested in this article. This way, you will minimize the risks and prevent your systems and confidential information from falling into the wrong hands.
Image credits: ©DVIDSHUB/Flickr
Author Josep Albors, ESET