Exploits are incredibly powerful tools that are used by cyber criminals to take advantage of vulnerabilities in IT systems. A single exploit can bring millions of malware variants into circulation. The good news? By putting a stop to these exploits, you can block the majority of malware applications before they even reach your systems. The bad news? Traditional malware protection won’t let you do this. For this reason – and to allow you to carry on sleeping peacefully at night – we’ve developed six best-practice measures for you, all with just one goal: to give you with an effective defence against exploits. Read on to find out how this works...
As the person in your organisation with responsibility for security, you’ll probably already know that exploits are among the most frequently used methods for distributing malware. By exploiting vulnerabilities in legitimate software products, they enable hackers to infect computers for criminal purposes. Traditional antivirus solutions have only focused on stopping malware activity, rather than on tackling exploits themselves. This is a fatal error, however. Although millions of different malware variants are in circulation, but hackers use only around ten different techniques for exploiting software vulnerabilities. If you can therefore successfully prevent such exploit-based methods, you can block a substantial number of malware varieties before they gain a foothold in your systems. In this way, exploits can be blocked even if they involve what are termed “drive-by” attacks or “zero-day” vulnerabilities. But first things first...
What exactly are exploits?
In most cyber attacks, criminals take advantage of security vulnerabilities such as out-of-date browser plug-ins (Flash, Java, Silverlight) or obsolete browser versions. The attacks are carried out in an insidious and sneaky way, and can even fool careful users. The specific term “exploit” refers to the exploitation of a software bug for the purpose of circumventing one or more existing security barriers. As for “zero-day” exploits, these involve the use by hackers of a vulnerability that, to date, has been largely unknown and for which no patch has been released.
While selling exploits isn’t illegal, it is lucrative:
Annual subscriptions for 25 zero-day vulnerabilities can cost up to $2.5 million.
To distribute malware, cyber criminals deploy what are termed “exploit kits”. These are toolkits that are pre-packaged with malicious websites or software and which are bought, licensed or leased by criminals with the aim of bringing malware into circulation. Instead of finding out themselves how to prepare a website so as to infect visitors’ devices, the hackers rely on a ready-made attack code within an exploit kit. This code tries out a series of known security loopholes in the hope that one of them will work. As well as exploit kits that transfer viruses over the Internet, criminals can also turn to a variety of similar kits for use in email and phishing campaigns. With these, the attacker sends a file attachment to unsuspecting users. If the scam works, the user then opens the attachment, thus installing the malware.
That’s why patches are so vital
As we’ve already seen, exploits take advantage of vulnerabilities in legitimate software applications. All reputable software vendors therefore develop patches to resolve such vulnerabilities as soon as these are reported. Even so, there’s always a delay between the discovery of a vulnerability and the development of a patch. It’s therefore very important that security patches are installed as soon as possible after their release to ensure that the risk of a successful attack is countered at the earliest opportunity.
A policy of relying solely on patches, however, would be very naive. Why? The answer’s simple. Although millions of different malware variants are in circulation, hackers use only around ten different methods for exploiting software vulnerabilities. Blocking such exploit activities therefore represents a highly efficient and effective way of rendering a considerable number of malware varieties harmless in one go.
Best-practice measures: six steps to security
To successfully enhance your defences against exploits, our security experts recommend the following procedure:
- Rely on Sophos InterceptX! Sophos InterceptX is a next-generation endpoint solution offering powerful anti-exploit features. These enable Sophos InterceptX to detect and block exploit-related activities. This also helps you to combat zero-day-type exploits, which take advantage of unknown vulnerabilities. Malware threats are thereby stopped before they can even reach your computer.
- Install patches promptly and regularly. Doing this will prevent hackers from exploiting any vulnerabilities that have already been identified.
- Keep your security software up to date. A good antivirus solution can block attacks transmitted within documents at a number of different points. This means, for example, that you can remove dangerous email attachments before they are opened, filter out harmful websites and also block malicious files before you’re even able to open them.
- Keep your employees informed. Train up your workforce on how to use email and the Internet in a secure way. This will help you to eliminate a number of hazards – and not just exploits – in good time.
- Consider using a simple document viewer. Microsoft’s Word Viewer tool, for example, is generally much less vulnerable to malware than Microsoft Word itself. In addition, the tool disables macros, which are often hijacked by ransomware applications.
- Remove any unused browser plug-ins. If you don’t really need Java (or Silverlight or Flash) in your browser, then uninstall the associated plug-in. An exploit kit will simply be unable to attack browser components that are not present.
Shut down zero-day threats before they shut you down
Sophos InterceptX will protect you from complex ransomware attacks and zero-day threats. As a next-generation endpoint solution, it incorporates signature-free anti-exploit, anti-ransomware and anti-hacking technology, root cause analysis and powerful features for clearing up malware.
Interested in finding out more? Experience the benefits of the next-generation root cause analysis offered by Sophos InterceptX right now, download the free trial version. You won’t regret it!