
Cyber attacks with exploits can affect everyone’s data


Types of Cyber Attack: Computer Code Exploits

In part one of our Cyber Attack series, we highlighted the massive DDoS attack raining down on spam list provider SpamHaus. In most DDoS attacks your data is likely safe, but such activity is just one step away from more serious forms of cyber attack that can steal your data, and those start with what are called “exploits.”

These “exploits” are packets of computer code that allow hackers to sneak in and sometimes control computers running software with a known design flaw or a “vulnerability.” Criminals, terrorist groups and even governments are all likely customers for the purchase of exploits.

It’s an emerging market for companies that discover new vulnerabilities and sell their findings, called “zero day exploits,” for anywhere from tens to hundreds of thousands of dollars. Generally, it’s legal to sell them. In fact, more than half of exploits sold are now bought from upstanding firms and not hackers, according to The Economist magazine.

“Zero day exploits” are especially dangerous in the wrong hands because there is no advance knowledge of them prior to their use. The underlying flaws tend to remain unpatched because hackers keep them secret: a fix would make the exploit useless. If an exploit is easily detected or celebrated, the flaw will be discovered and patched quickly, devaluing it.

Prices for exploits have gone up exponentially in recent years and are based on three factors: how hard the exploit is to develop, the number of computers it provides access to and the value of those computers.

“An exploit that can stealthily provide administrator privileges to a distant computer running Windows XP, a no-longer-fashionable operating system, costs only about $40,000. An exploit for Internet Explorer, a popular browser, can cost as much as $500,000” – the Economist

If you think that you simply don’t have the same level of exposure as you read about in the news, think again. Software giant Adobe Systems Inc has had their own experience with exploits. The JBIG2 flaw allowed hackers access to major corporations such as Coca-Cola.

According to Bloomberg news, “In America and the U.K., about 1-in-3 computer users had contact with malicious software, just between July and September this year, according to data Moscow-based anti-virus software maker Kaspersky Lab collected from its customers.”

The Bloomberg article continues, “The implications of lagging security go beyond PCs to critical infrastructure and industry, such as power grids and railroads, and to increasingly networked lives, including phone systems and videoconferencing that run over the Internet.

“Sooner or later, the people who are exploiting these security flaws will go from stealing information to breaking systems — because they can — and then it’s going to be obvious to everybody how bad things are,” says Stewart Baker, former general counsel for the National Security Agency, the U.S. spy agency, which monitors foreign communications.”

A researcher at the Netherlands Defense Academy suggests that Western intelligence agencies often pay higher prices and believes that America’s spies spend the most on exploits. As you might guess, sales are up thanks to demand from defense contractors and hacker groups, who both see cyberspace as the new battleground. And they aren’t alone. The Economist article goes further, saying that governments that buy exploits are “building the black market”, thereby bankrolling dangerous research and development. That, in and of itself, has governments appearing increasingly keen to develop exploits in-house.

The take-away here is that no one can possibly be completely insulated against a hacker with a powerful exploit; it’s just a matter of when, and how badly your system is affected. Preparing for that day is the trick to being able to rise from the ashes of a burned network. Utilizing a comprehensive cloud backup can be the difference between your next hack being a nightmare or a mere annoyance.
