Growth in leaked exploit attacks means penetration testing should be a front-line defensive measure, warns Sec-1

Actively rooting out vulnerabilities is the most effective way of preventing attacks of this nature

Recent research by Kaspersky Lab has found that leaked exploits have rapidly become one of the most dangerous methods of compromising vulnerable systems, with more than five million attacks blocked by the company in the second quarter of 2017 alone. This highlights the vital importance of adequate and frequent penetration testing procedures in finding software flaws, and taking appropriate action before an attack can take place. This is according to internet security experts at Sec-1, a Claranet Group company.

Attackers use phishing emails or hijacked websites to spread malware loaded with an exploit. An exploit is a piece of software that takes advantage of a vulnerability in order to gain access or, in the case of ransomware, encrypt the device. Recent attacks, such as WannaCry and NotPetya, have the ability to spread and hunt out machines without the latest patches/updates installed. Others, like the original CryptoLocker, which first appeared in 2013, spread through spam messages and exploit kits that rely on manipulating user behaviour. Either way, these attacks can succeed, so organisations need to redouble their efforts to patch vulnerabilities in their systems. This should go hand-in-hand with existing security efforts which focus on user behaviour.

Holly Williams, Senior Security Consultant at Sec-1, said:

“Seeing malware authors bundle leaked exploits in order to improve propagation rates highlights the need for testing of the internal corporate network. This is something that is often overlooked in favour of purely testing the perimeter.”

“Zero-day attacks are a concern for IT teams, and for the wider business as a whole, due to their very nature as an assault on an undisclosed vulnerability. This means that the most up-to-date systems can be compromised. Although real-world attacks utilising malware are still extremely rare and, to date, the most effective attacks have exploited known vulnerabilities, an example being the Flash vulnerability, CVE-2015-7645. It’s true that this trend for leaked exploits to be added to malware shows that attackers are becoming more sophisticated in a bid to capitalise on insufficient attention to patching and good security hygiene. Now, more than ever, the justification for performing regular penetration testing is clear: find the unpatched vulnerabilities well before the hackers can get to them.”

Alongside this, it is crucial to note that many of the recent high-profile leaks such as EternalBlue, used in the malware WannaCry and NotPetya, actually had a patch already available. This malware also used previously known hacking methods. Again, comprehensive, frequent penetration testing can prevent this from becoming a problem.

“Of recent malware, NotPetya in particular was talked about as having done something that is advanced for malware. However, the method of credential extraction used is already well-known to penetration testers and other security experts. As for both WannaCry and NotPetya, a patch was made available months before the attack actually hit. This points to many organisations needing to get a much better handle on the pre-existing vulnerabilities in their systems.”

To help make this happen, Williams feels that entrusting the responsibility for penetration testing to a third party can be hugely beneficial.

“A third-party organisation brings a fresh pair of eyes to the testing process, meaning they can often spot vulnerabilities (and an absence of available patches) more effectively than IT staff who have been close to the system for a long period of time. In short though, it all boils down to being better prepared: exploits can be hugely dangerous, so implementing the right testing procedures aimed at determining where current security practices are insufficient should be a key priority.”