May 9, 2016 By Douglas Bonderud 2 min read

Why wait for security threats to emerge when it’s possible to proactively find IT weaknesses? That’s the idea behind proof-of-concept (PoC) exploits: Researchers find and report vulnerabilities rather than waiting for them to emerge in the wild.

According to SecurityWeek, the number of PoC exploits has increased dramatically over the last year, with many shared via the not-so-secure platform of social media. Friendly warning: The gap between experiment and actual exploit is rapidly closing.

Share and Share Alike

The new PoC data comes from research firm Recorded Future, which found 12,000 PoC exploit references shared on the Web since March of last year. That’s an almost 200 percent increase over the previous 12 months.

Twitter was the central vehicle for code sharing, with researchers posting links to code repositories, paste sites and even Deep Web forums. At first glance, this looks like a positive step for InfoSec since more researchers were finding flawed code before hackers got their hands on it.

But as noted by Dark Reading, the rate of exploit detection is quickly outstripping organizations’ ability to monitor or respond. According to Nicholas Espinoza, a senior solutions engineer at Recorded Future, development of exploit code is happening “at such an insane speed there is no one to manage it.”

Worst case? Within a week of detection, cybercriminals pick up the vulnerability on social channels and adapt it for the wild.

Broad Spectrum, Big Problems

There’s virtually no limit on PoC vectors. Those making the rounds on social media included vulnerabilities for Android, DNS, SSH, FTP and OpenSSL, in addition to Web browsers and smartphones. The most popular PoC this year was CVE-2015-7547, which covered a remote code execution in the glibc library.

Other big-ticket PoC exploits were Windows Server vulnerabilities such as CVE-2015-1635 and CVE-2016-0051, a VM escape flaw called VENOM and Android’s Stagefright. Platform, OS and device type don’t matter; if the exploit is made available, people will take notice, and there’s no guarantee they have good intentions.

The Problem With PoC Exploits

Ultimately, that’s the heart of the problem: Once downstream on social media, there’s no way to control PoCs’ final destination. All it takes is one person copying the PasteBin link to another tweet or Facebook post for the code to go further than intended.

Researchers have good intentions when developing proofs of concept; malicious actors do not. It all comes out in the wash, however, on social media. No matter the aim, social posting is akin to releasing this code into the wild — claws and all — and leaving companies to clean up the mess.

With companies already swimming in a sea of potentially dangerous PoC exploits, it’s hard to sort out which are the most pressing and which can safely be ignored — right up until they’re attacked. While organizations can’t stop cybercriminals from sharing exploit data, the good guys can make a better choice: Leverage what cybercriminals post publicly to engineer an effective defense, but keep proofs of concept off social networks until fixes are found and finalized.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today