Proof of Concepts Soared 200% in 2015
Hackers increased their production of proof-of-concept (PoC) exploits by nearly 200% since 2014, according to new data from threat intelligence firm, Recorded Future.
The firm scoured hundreds of thousands of sources to seek out where PoCs were developed, discussed and shared last year.
“These POCs are developed for a few reasons,” Recorded Future explained.
“To demonstrate that software is exploitable, force a company to develop a critical patch, showcase skills, or, in the most malicious cases, claim deniability for developing an easily shared and working exploit that can run on real-world targets by removing a comment or adding some code.”
In total, the firm found 12,000 PoCs over the past year, although it must be added that the load was shared between black hats and researchers.
Perhaps unsurprisingly given their ubiquity, ‘commercial’ software such as Microsoft Office and Android, as well as Windows servers and Linux machines, were the most targeted during the period.
“Vulnerabilities that allow initial system access through privilege escalation and buffer overflow attacks are the primary focus of POC development,” the report claimed.
Interestingly, PoCs were disseminated most frequently via social media rather than paste sites, blogs, forums and the like.
In this, Twitter was the favored tool of choice, with users linking to GitHub, Pastebin, Facebook and Reddit or deep web forums.
Among the vulnerabilities most discussed in the context of PoCs were Stagefright and glibc, with a heavy focus in the top 10 on Linux and Microsoft Windows servers.
Recorded Future predicted a continued rise in the number of PoCs over the coming year, but as the black hats move faster and generate and share more tools real-time situational awareness is getting more difficult for security professionals, it said.
This is borne out by the new Verizon Data Breaches Investigation Report, which reveals that in 83% of cases it takes a victim organization weeks or longer to discover that they’ve been breached.
Source: Information Security Magazine