
What is it?

An attack that sends more data to a fixed-size buffer in a device or program than the buffer can hold, so that the excess is written into adjacent memory. Depending on what sits next to the buffer (a saved return address, a function pointer, a privilege flag), the attacker can crash the program or redirect it into running malicious code.

Why is it important?

If software is not written with secure coding principles from the start and kept patched, these attacks can cause great harm by letting an attacker execute code of their choosing or gain access to protected systems and information.

Why does a business professional need to know this?

A buffer overflow can be explained by the old adage that you can’t put 10 pounds of potatoes in a 5-pound bag. When too much data is written to a fixed-size buffer, the excess overwrites adjacent memory, corrupting whatever was stored there. At best the program or device crashes; at worst an attacker chooses the overflowing bytes so that the overwritten memory now holds, or points to, malicious code that the program then executes.
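As an added illustration (not code from the original page), the following C program models the potato-bag problem in memory. It uses a constructed 16-byte "stack frame" in which an 8-byte name buffer sits directly in front of a 4-byte privilege flag, mimicking how adjacent variables are laid out. The unchecked copy trusts the sender's length, so the 4 excess bytes land on the flag and turn a non-privileged user into an "admin"; the checked copy rejects input that does not fit. The frame layout, the input bytes and the function names are all constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 16-byte stack frame (not a real program's layout):
 * an 8-byte name buffer is immediately followed by a 4-byte "is_admin" flag.
 * Modelling the frame as a byte array keeps the demo free of undefined
 * behaviour while showing exactly where the overflowing bytes land. */
#define NAME_SIZE   8u
#define FRAME_SIZE  16u
#define FLAG_OFFSET NAME_SIZE          /* the flag begins right after the buffer */

/* Constructed "network input": 8 filler bytes plus 4 bytes that spill over. */
static const uint8_t kOversizedInput[12] = {
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 0x01, 0x01, 0x01, 0x01
};

/* Read the flag that sits behind the name buffer. */
static uint32_t read_flag(const uint8_t *frame) {
    uint32_t v;
    memcpy(&v, frame + FLAG_OFFSET, sizeof v);
    return v;
}

/* Vulnerable pattern: copies as many bytes as the sender supplied, the same
 * mistake strcpy()/gets()-style code makes. Bytes past NAME_SIZE overwrite
 * the flag. */
static void copy_name_unchecked(uint8_t *frame, const uint8_t *in, size_t len) {
    memcpy(frame, in, len);
}

/* Hardened pattern: refuse anything that does not fit with room for a NUL.
 * Truncating to NAME_SIZE-1 bytes would be the other acceptable choice. */
static int copy_name_checked(uint8_t *frame, const uint8_t *in, size_t len) {
    if (len >= NAME_SIZE) {
        return -1;                     /* oversized input rejected */
    }
    memcpy(frame, in, len);
    frame[len] = '\0';
    return 0;
}

/* Flag value after the unchecked copy: 0x01010101, i.e. "admin". */
uint32_t overflow_demo(void) {
    uint8_t frame[FRAME_SIZE] = {0};   /* is_admin starts out as 0 */
    copy_name_unchecked(frame, kOversizedInput, sizeof kOversizedInput);
    return read_flag(frame);
}

/* Return code of the checked copy for the same input: -1, rejected. */
int hardened_rejects(void) {
    uint8_t frame[FRAME_SIZE] = {0};
    return copy_name_checked(frame, kOversizedInput, sizeof kOversizedInput);
}

/* Flag value after the checked copy: still 0, the flag was never touched. */
uint32_t hardened_demo(void) {
    uint8_t frame[FRAME_SIZE] = {0};
    (void)copy_name_checked(frame, kOversizedInput, sizeof kOversizedInput);
    return read_flag(frame);
}

int main(void) {
    printf("unchecked copy: is_admin = 0x%08x\n", overflow_demo());
    printf("checked copy:   rc = %d, is_admin = 0x%08x\n",
           hardened_rejects(), hardened_demo());
    return 0;
}
```

In a real process the memory behind the buffer is often a saved return address rather than a flag, which is how an overflow turns into code execution. The fix is the same in either case: the copy must be bounded by the size of the destination, not by the size of the input.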

Because buffer overflow attacks exploit weaknesses in how software, including firmware, handles memory, defending against them must begin in the early design stages of product development. Because such attacks can give attackers the ability to gain administrator privileges, damage databases, or steal data, mitigating the threat of buffer overflow attacks should have a high priority.

Correctly patching devices, including updating firmware on network equipment, is essential to protect against these types of attacks. When developing products, your best defense is to follow industry best practices for design, development, testing, and code review. Reviewing a program or website for security vulnerabilities before it is placed into production may take a few extra steps, but it will save money if it prevents your system from being exploited. An ounce of prevention is worth a gallon of protection.

A simple buffer overflow attack can take down a web server, a database server, a content management system, or a mail server. The Meltdown and Spectre vulnerabilities(Claburn 2017)(Newman 2018) are not buffer overflows themselves but speculative-execution side channels; they belong in this discussion because they likewise let code read memory it should never be able to reach, and they showed how devastating memory-safety failures can be. These vulnerabilities have been identified in processors manufactured by Intel, AMD, and ARM, which are in a considerable number of computers and devices, including phones, tablets, laptops, and servers.

References

About Shawn Connelly

Photo of Shawn Connelly

Shawn Connelly holds two master’s degrees, one in cybersecurity and information assurance and another in IT management. He holds his Certified Information Systems Security Professional (CISSP), Certified Chief Information Security Officer (CCISO), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco Certified Network Professional (CCNP), VMware Certified Professional (VCP), VCP-NSX, and six Microsoft Certified Solutions Expert (MCSE) certifications. Shawn has worked for more than 20 years in IT, including the last five years as a director of security.

Term: Buffer Overflow Attack

Email: shawnconnelly1@gmail.com

Twitter: @VirtualizationG

LinkedIn: linkedin.com/in/virtualizationg

What is it?

A targeted, long-running intrusion, typically by a well-resourced adversary, whose purpose is not to damage the environment but to persist undetected and harvest data such as intellectual property or customer data. The term is also applied to the malware and tooling used in such an intrusion.

Why is it important?

Advanced persistent threats are significant because they represent a different modus operandi for attackers: remaining present and undetected is key to the operation, and the objective is data theft rather than disruption.

Why does a business professional need to know this?

Advanced persistent threats (APT) are dangerous because they can remain undetected while harvesting critical customer or intellectual property data from the target organization. Depending on the type of data harvested, a company can suffer significant damage to its reputation and be exposed to serious legal consequences.

Most APTs are delivered by social-engineering mechanisms, such as targeted campaigns or spear phishing against an organization. Once a system has been compromised, the APT seeks not only to persist, but to discover, proliferate, elevate privileges, and remain undetected.

The ultimate goal is to extract targeted information from the victim in a manner that is difficult to detect by ordinary detection and incident response methods, generally using encryption to blend in as ordinary HTTPS traffic.

An APT can persist for months or, in extreme cases, years without detection, sending data to its command and control structure only when a certain set of criteria are met.

APT tooling has converged with other forms of malware: remote access trojans (RAT) are the standard means of hands-on control, and the same intrusion tradecraft is now used to stage ransomware, which is potentially more devastating. In each case the original elements of an APT are still present: encrypted command and control, malware that is aware of sandboxes and other containment technologies, and better evasion techniques. These elements have made the APT playbook the current method of choice for cybercriminals.

Business professionals should ensure that their cybersecurity specialists understand and employ the tactics, techniques, and procedures required to detect these intrusions(Fireeye).

References

  • (Fireeye) Anatomy of Advanced Persistent Threats: FireEye. Promotional content from FireEye cybersecurity software company that describes advanced persistent threat (APT) attacks and contains a link to a video that illustrates how APTs work.

About Paul Brager, Jr.

Photo of Paul Brager, Jr.

Paul Brager, Jr., M.Sci, Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), Certified Information Security Manager (CISM), has been a contributing member of the cybersecurity community for over 20 years, specializing in security architecture, industrial cybersecurity, and digital forensics and incident response. He has extensive experience in the oil and gas, manufacturing, chemical, and telecommunications sectors, having held various leadership roles throughout his career.

Term: Advanced Persistent Threat

Email: professorbrager@outlook.com

Website: hiddencyberfigures.com

Twitter: @ProfBrager

LinkedIn: linkedin.com/in/professorbrager

What is it?

A network of computers that have been infected by a malicious software program -- a bot -- which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.

Why is it important?

Cyber criminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.

...continue reading "Term of the Week: Botnet"

What is it?

Malicious code that encrypts files on a computing device, enabling an attacker to demand a ransom from the legitimate owner to recover the encrypted data.

Why is it important?

Numerous high-profile ransomware cases – including the May 2017 WannaCry ransomware attack that struck at least 50 organizations(WannaCry 2017) – have occurred over the last several years, involving medical centers, police departments, and government organizations. These occurrences show the negative impact ransomware can have on an organization’s operations and finances.

...continue reading "Term of the Week: Ransomware"

What is it?

An attack in which an attacker, typically using email, attempts to trick a computer user into opening web links, entering personal information into a web form or fake website, or taking an action that allows the attacker to obtain sensitive information. Spear phishing targets a specific individual or group of individuals using personal information about them.

Why is it important?

Phishing and spear phishing are the most common attack methods for attackers to gain an initial foothold into an organization or obtain sensitive data.

...continue reading "Term of the Week: Phishing"