Cyber-Attackers Speeding Up Exploits of Known Software Flaws
Increasing evidence suggests that the time between the public disclosure of a security flaw and its widespread exploitation is shrinking.Recent incidents have highlighted that attackers are quickly turning public vulnerability information into exploits, leaving defenders with a shrinking window in which to patch software flaws. On Oct. 29, the security team for the popular content management system, Drupal, warned users that a SQL injection vulnerability disclosed on Oct. 15 was exploited so quickly that sites that haven't patched the flaw should assume that they are compromised. In early October, security firms warned that multiple attackers had begun using a previously unknown vulnerability in Windows first exploited in the so-called "Sandworm" campaign. The Sandworm vulnerability is expected to make its way into exploit kits and become more widely used. "Once the attack becomes well-known and publicized, then a lot of other groups start to look at it, and people who are selling exploit kits add it to their kits, and then everyone who buys the kits will be able to use it," Kevin Haley, director of Symantec Security Response, told eWEEK.
While many vulnerability researchers have noted the seeming relationship between the disclosure and exploitation of vulnerabilities, the link has only occasionally been studied. In a paper published in 2012, Symantec researchers found that, soon after details of a zero-day vulnerability were disclosed to the public, the number of attacks using that security flaw skyrocketed—in some cases by a factor of 100,000. The researchers concluded that "the disclosure of zero-day vulnerabilities causes a significant risk for end-users."