Most cyberattacks involve criminals exploiting some sort of security weakness. That weakness could be down to a poorly chosen password, a user who falls for a fake login link, or an attachment that someone opened without thinking.
However, in the field of computer security, the word exploit has a specific meaning: an exploit is a way of abusing a software bug to bypass one or more security protections that are in place.
Software bugs that can be exploited in this way are known as vulnerabilities, for obvious reasons, and can take many forms.
For example, a home router might have a password page with a secret “backdoor code” that a crook can use to log in, even if you deliberately set the official password to something unique.
Or a software product might have a bug that causes it to crash if you feed it unexpected input such as a super-long username or an unusually sized image – and not all software bugs of this sort can be detected and handled safely by the operating system.
Some software crashes can be orchestrated and controlled so that they do something dangerous, before the operating system can intervene and protect you.
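The “super-long username” crash described above, as an added example that is not from the article: a fixed-size buffer filled with an unchecked copy (the bug), beside a version that measures the input first and rejects anything that does not fit. The struct, field names and USERNAME_MAX limit are assumptions chosen for illustration.

```c
/* Added example, not the article's code: a fixed-size username buffer,
 * the unchecked copy that turns an over-long name into a crash, and the
 * bounded version that refuses oversized input instead. */
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 16   /* room for 15 characters plus the terminating NUL */

struct session {
    char username[USERNAME_MAX];
    int  is_admin;        /* sits right after the buffer in memory */
};

/* The bug: strcpy() has no idea how large the destination is, so an
 * over-long name runs past username[] into whatever follows it. */
static void set_username_unsafe(struct session *s, const char *name)
{
    strcpy(s->username, name);
}

/* The fix: count the input against the limit first, reject anything that
 * does not fit, and only then copy. Returns 0 on success, -1 if rejected. */
static int set_username_checked(struct session *s, const char *name)
{
    size_t len = 0;
    while (len < USERNAME_MAX && name[len] != '\0')   /* bounded scan */
        len++;
    if (len >= USERNAME_MAX)
        return -1;                     /* too long: refuse, do not truncate silently */
    memcpy(s->username, name, len + 1); /* copies the NUL too */
    return 0;
}

int main(void)
{
    struct session s = { "", 0 };
    const char *ok  = "alice";                                       /* constructed */
    const char *bad = "a-name-that-is-far-too-long-for-the-buffer";  /* constructed */

    set_username_unsafe(&s, ok);   /* fine only because this input happens to fit */
    printf("checked, short name: %s\n", set_username_checked(&s, ok)  == 0 ? "accepted" : "rejected");
    printf("checked, long name:  %s\n", set_username_checked(&s, bad) == 0 ? "accepted" : "rejected");
    /* set_username_unsafe(&s, bad) is deliberately never called: it would overwrite
     * is_admin and whatever lies beyond it, which is the crash the article describes. */
    return 0;
}
```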
When attackers outside your network exploit a vulnerability of this sort, they often do so by tricking one of the applications you are using, such as your browser or word processor, into running a program or program fragment that was sent in from outside.
By using what’s called a Remote Code Execution exploit, or RCE for short, an attacker can bypass any security popups or “Are you sure” download dialogs, so that even just looking at a web page could infect you silently with malware.
Worst of all is a so-called zero-day exploit, where the hackers take advantage of a vulnerability that is not yet public knowledge, and for which no patch is currently available.
(The name “zero-day” comes from the fact that there were zero days during which you could have patched in advance.)
What to do?
Patch early, patch often!
Reputable vendors patch exploitable vulnerabilities as soon as they can. Many vulnerabilities never turn into zero-days because they are discovered responsibly through the vendor’s own research, or thanks to bug bounty programs, and patched before the crooks find them out.
Use security software that blocks exploits proactively
Many vulnerabilities require an attacker to trigger a series of suspicious operations to line things up before they can be exploited. Good security software like Sophos Endpoint Security and Sophos Intercept X can detect, report and block these precursor operations and prevent exploits altogether, regardless of what malware those exploits were trying to implant.
Paul Ducklin is a senior security advisor at Sophos. Read more Sophos guest blogs here.