May 9, 2016 By Douglas Bonderud 2 min read

Why wait for security threats to emerge when it’s possible to proactively find IT weaknesses? That’s the idea behind proof-of-concept (PoC) exploits: Researchers find and report vulnerabilities rather than waiting for them to emerge in the wild.

According to SecurityWeek, the number of PoC exploits has increased dramatically over the last year, with many shared via the not-so-secure platform of social media. Friendly warning: The gap between experiment and actual exploit is rapidly closing.

Share and Share Alike

The new PoC data comes from research firm Recorded Future, which found 12,000 PoC exploit references shared on the Web since March of last year. That’s an almost 200 percent increase over the previous 12 months.

Twitter was the central vehicle for code sharing, with researchers posting links to code repositories, paste sites and even Deep Web forums. At first glance, this looks like a positive step for InfoSec since more researchers were finding flawed code before hackers got their hands on it.

But as noted by Dark Reading, the rate of exploit detection is quickly outstripping organizations’ ability to monitor or respond. According to Nicholas Espinoza, a senior solutions engineer at Recorded Future, development of exploit code is happening “at such an insane speed there is no one to manage it.”

Worst case? Within a week of detection, cybercriminals pick up the vulnerability on social channels and adapt it for the wild.

Broad Spectrum, Big Problems

There’s virtually no limit on PoC vectors. Those making the rounds on social media included vulnerabilities for Android, DNS, SSH, FTP and OpenSSL, in addition to Web browsers and smartphones. The most popular PoC this year was CVE-2015-7547, which covered a remote code execution in the glibc library.

Other big-ticket PoC exploits were Windows Server vulnerabilities such as CVE-2015-1635 and CVE-2016-0051, a VM escape flaw called VENOM and Android’s Stagefright. Platform, OS and device type don’t matter; if the exploit is made available, people will take notice, and there’s no guarantee they have good intentions.

The Problem With PoC Exploits

Ultimately, that’s the heart of the problem: Once downstream on social media, there’s no way to control PoCs’ final destination. All it takes is one person copying the PasteBin link to another tweet or Facebook post for the code to go further than intended.

Researchers have good intentions when developing proofs of concept; malicious actors do not. It all comes out in the wash, however, on social media. No matter the aim, social posting is akin to releasing this code into the wild — claws and all — and leaving companies to clean up the mess.

With companies already swimming in a sea of potentially dangerous PoC exploits, it’s hard to sort out which are the most pressing and which can safely be ignored — right up until they’re attacked. While organizations can’t stop cybercriminals from sharing exploit data, the good guys can make a better choice: Leverage what cybercriminals post publicly to engineer an effective defense, but keep proofs of concept off social networks until fixes are found and finalized.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today