Category: Exploits

Why does a business professional need to know this?

A buffer overflow can be explained by the old adage that you can’t put 10 pounds of potatoes in a 5-pound bag. When too much data is written to a block, it can overwrite adjacent memory leading to data corruption. A program or device can crash or an attacker can insert malicious code into the overwritten memory and try to execute it.

Because buffer overflow attacks exploit weaknesses in the design of hardware or firmware, defending against such attacks must begin in the early design stages of product development. Because such attacks can potentially give attackers the ability to gain administrator privileges, damage databases, or steal data, mitigating the threat of buffer overflow attacks should have a high priority.

Correctly patching devices, including updating firmware on network equipment, is essential to protect against these types of attacks. When developing products, your best defense is to follow industry best practices for design, development, testing, and code review. Reviewing a program or website for security vulnerabilities before it is placed into production may take a few extra steps, but it will save money if it prevents your system from being exploited. An ounce of prevention is worth a gallon of protection.

A simple buffer overflow attack can take down a web page, a database server, a content management system, or a mail server. The recent Meltdown and Spectre vulnerabilities have shown that buffer overflow attacks have the potential to open up systems to devastating attacks(Claburn 2017)(Newman 2018). These vulnerabilities have been identified in processors manufactured by Intel, AMD, and ARM, which are in a considerable number of computers and devices, including phones, tablets, laptops, and servers.

Why does a business professional need to know this?

Advanced persistent threats (APT) are dangerous because they can remain undetected while harvesting critical customer or intellectual property data from the target organization. Depending on the type of data harvested, a company can suffer significant damage to its reputation and be exposed to serious legal consequences.

Most APTs are delivered by social-engineering mechanisms, such as targeted campaigns or spear phishing against an organization. Once a system has been compromised, the APT seeks not only to persist, but to discover, proliferate, elevate privileges, and remain undetected.

The ultimate goal is to extract targeted information from the victim in a manner that is difficult to detect by ordinary detection and incident response methods, generally using encryption to blend in as ordinary HTTPS traffic.

An APT can persist for months or, in extreme cases, years without detection, sending data to its command and control structure only when a certain set of criteria are met.

APTs have evolved into more malicious types of malware, such as remote access trojans (RAT) and, potentially more devastating, various forms of ransomware. At the root of each of these advanced forms of APT you can still find the original elements of APT: increased levels of encryption for command and control, malware that is aware of sandboxes and other containment technologies, and better subversion techniques. These elements have made APTs the current method of choice for cybercriminals.

Business professionals should ensure that their cybersecurity specialists understand and employ the tactics, techniques, and procedures required to detect these exploits(Fireeye).