Miscreants tripled output of proof of concept exploits in 2015
Pastebin is for old hats. Cool black hats use Twitter now
Hackers collectively tripled the production of Proof-of-Concept exploits last year, according to a new study out on Thursday.
Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes.
These PoCs are developed for various reasons – to demonstrate that software is vulnerable, force a company to develop a critical patch, showcase skills, or, in the most malicious cases, claim ownership of a working exploit that can run on real-world targets.
More often than not, PoC exploits are quickly picked up and used for real-life attacks, according to a new study by threat intelligence firm Recorded Future. Vulnerabilities that allow initial system access through privilege escalation and buffer overflow attacks are the primary focus of PoC development.
Approximately 12,000 references to shared PoCs were generated over the last year, showing significant distribution amongst threat actors and researchers, a near 200 per cent (three-fold) increase compared to 2014. Social media has become a primary outlet for advertising or otherwise promoting PoC exploits, replacing formerly more fashionable venues such as Pastebin, as Recorded Future explains.
Our research shows that PoCs are disseminated primarily via Twitter, with users flagging PoCs to view externally in a range of sources – code repositories (GitHub), paste sites (Pastebin), social media (Facebook and Reddit surprisingly), and deep Web forums (Chinese and Spanish forums).
Consumer software (Microsoft Office and Android devices) and Windows Servers/Linux machines were the most targeted platforms for PoC development in 2015.
CVE-2015-3456 (the VENOM vulnerability in virtual machine platforms), CVE-2015-2370 / MS15-076 (a flaw in Windows Remote Procedure Call), CVE-2016-0051 (a WebDAV privilege elevation flaw), and CVE-2015-1635 / MS15-034 (a remote code execution flaw in HTTP.sys) were the most discussed vulnerabilities with PoCs during 2015.
Discussions tend to focus on exploits against Linux boxes and Microsoft Windows Servers due to the widespread use of both platforms, which makes them appetising targets for exploitation. In addition, Android’s Stagefright vulnerability was of “huge interest to threat actors”, Recorded Future adds. ®