Exploits are incredibly powerful tools that are used by cyber criminals to take advantage of vulnerabilities in IT systems. A single exploit can bring millions of malware variants into circulation. The good news? By putting a stop to these exploits, you can block the majority of malware applications before they even reach your systems. The bad news? Traditional malware protection won’t let you do this. For this reason – and to allow you to carry on sleeping peacefully at night – we’ve developed six best-practice measures for you, all with just one goal: to give you an effective defence against exploits. Read on to find out how this works...
As the person in your organisation with responsibility for security, you’ll probably already know that exploits are among the most frequently used methods for distributing malware. By exploiting vulnerabilities in legitimate software products, they enable hackers to infect computers for criminal purposes. Traditional antivirus solutions have focused only on stopping malware activity, rather than on tackling the exploits themselves. This is a fatal error, however. Although millions of different malware variants are in circulation, hackers use only around ten different techniques for exploiting software vulnerabilities. If you can successfully prevent these exploit techniques, you can therefore block a substantial number of malware varieties before they gain a foothold in your systems. In this way, exploits can be blocked even when they involve what are termed “drive-by” attacks or “zero-day” vulnerabilities. But first things first...
In most cyber attacks, criminals take advantage of security vulnerabilities such as out-of-date browser plug-ins (Flash, Java, Silverlight) or obsolete browser versions. The attacks are carried out in an insidious and sneaky way, and can fool even careful users. The specific term “exploit” refers to the exploitation of a software bug for the purpose of circumventing one or more existing security barriers. A “zero-day” exploit is one in which hackers use a vulnerability that, to date, has been largely unknown and for which no patch has been released.
Annual subscriptions for 25 zero-day vulnerabilities can cost up to $2.5 million.
To distribute malware, cyber criminals deploy what are termed “exploit kits”. These are toolkits that are pre-packaged with malicious websites or software and which are bought, licensed or leased by criminals with the aim of bringing malware into circulation. Instead of working out for themselves how to prepare a website so that it infects visitors’ devices, the hackers rely on the ready-made attack code within an exploit kit. This code tries out a series of known security loopholes in the hope that one of them will work. As well as exploit kits that deliver malware over the Internet, criminals can also turn to a variety of similar kits for use in email and phishing campaigns. With these, the attacker sends a file attachment to unsuspecting users. If the scam works, the user opens the attachment and thereby installs the malware.
As we’ve already seen, exploits take advantage of vulnerabilities in legitimate software applications. All reputable software vendors therefore develop patches to resolve such vulnerabilities as soon as these are reported. Even so, there’s always a delay between the discovery of a vulnerability and the release of a patch, and every day a released patch remains uninstalled extends that window further. It’s therefore very important that security patches are installed as soon as possible after their release, so that the risk of a successful attack is countered at the earliest opportunity.
A policy of relying solely on patches, however, would be very naive. Why? The answer’s simple. Although millions of different malware variants are in circulation, hackers use only around ten different methods for exploiting software vulnerabilities. Blocking those exploit methods therefore represents a highly efficient and effective way of rendering a considerable number of malware varieties harmless in one go.
To successfully enhance your defences against exploits, our security experts recommend the following procedure:
Sophos Intercept X will protect you from complex ransomware attacks and zero-day threats. As a next-generation endpoint solution, it incorporates signature-free anti-exploit, anti-ransomware and anti-hacking technology, root cause analysis and powerful features for cleaning up malware.
Interested in finding out more? Experience the benefits of the next-generation root cause analysis offered by Sophos Intercept X right now: download the free trial version. You won’t regret it!