Deep dive into cybersec: exploits

In general terms, an exploit is a series of actions executed to derive the most benefit from a pre existing resource.

In computer security we could interpret it as a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software or hardware. This can include data leakage, privilege escalation, arbitrary code execution (often used as part of a zero-day attack), denial-of-service attacks and viruses.

Going even deeper, this term is used to describe the use of low-level software instructions that exceed the intended function or design of a computer program.

Hackers are always on the lookout for vulnerabilities. They use exploits in order to gain personal data, such as credit card numbers, bank account access, social security numbers and all kind of sensitive information.

The most common vectors for an exploit is injection:

• A SQL injection, where a bad actor (or someone posing as is) injects malicious code into an entry field in order to extract data from a database.
• An XSS attacks, where a bad actor injects malicious bits into a website’s source code in order to extract data from the website’s database or server.

Famous exploits

There are many famous exploits and hacks but some of the ones that are most prominent in the public eye are Heartbleed, Sony PlayStation Network Hack, Target Security Breach, Eternalblue (that started the Ransomware trend).

Heartbleed is a vulnerability in OpenSSL that was discovered on April 7, 2014: it was a bug in the protocol that allowed attackers to steal information from servers without being detected. This exploit affected over 66% of all web servers globally, including sites like Yahoo!, Facebook, Google, and Amazon.

The Sony’s PSN (PlayStation Network) one happened even before: In 2011 a group of hackers stole personal information from 77 million accounts. The hackers were able to do this because they had obtained PSN usernames and passwords from an outside party who had hacked into Sony’s network earlier that year.

Target‘s security breach occurred in the 2013 holiday shopping season and saw 40 million credit cards stolen from their systems: in that case the hackers used malware sent to Target’s point-of-sale terminals to steal card data while it was being entered into the system.

Another famous example has been the WannaCry exploit, carried through Eternalblue, a vulnerability discovered by the NSA and kept secret until leaked by a group called Shadow Brokers. It is a security exploit that affects Microsoft Windows and was unpatched at the time of public disclosure. The Eternalblue exploit has been one of the most dangerous exploits in the world, and it has been used to create some of the most devastating ransomware attacks. The Eternalblue exploit has been used to spread WannaCry, NotPetya, and BadRabbit ransomware attacks.

Ransomware is a type of virus that locks up data in the victim’s computer and demands payment in order to release it. It usually spreads through email attachments, downloads from untrusted sources, or in general through a vulnerability in the system.

Stay safe out there!

As the number of people and devices connected to the internet has increased, so have the number of cyber attacks: cyber criminals are always on the lookout for new ways to exploit vulnerabilities in your system.

To prevent it, it’s important to take measures to make sure you are not vulnerable:

• always update your software and hardware regularly
• use strong passwords and change them regularly
• use two-factor authentication whenever possible
• have a security suite installed that includes antivirus protection and firewall settings that block suspicious or malicious programs from accessing your system.

The latter is especially important for Windows users, but this doesn’t mean that Linux and macOS users should feel safe: as the usage and distribution of Unix based system increase and gain popularity, so are the researches on possible attack vectors.

Updates are a crucial part of keeping your device protected. These updates not only stop exploits, but they improve the security of the device and protect it from known vectors of attack: the biggest part of the most devastating exploitations have been carried out due to unpatched systems (even after the patches have been distributed).

The internet is a digital world that is both beneficial and harmful. It was created to connect people from all over the world, but it has also created a space for hackers to exploit vulnerabilities, posing a risk to everyone without proper knowledge of the problem. That’s why It is fundamental to learn how to protect your privacy and your data, and to gain consciousness about online security and online threats.

Knowledge is power, the power of defending your data from malicious attacks in this case.