Tools for Amateur and Professional Hacker to Exploit Vulnerabilities

The Russian cybercrime underground provides a wide range of tools for amateur and professional hackers, enabling them to leverage the latest application vulnerabilities to target their victims. In order to exploit vulnerabilities in applications and use them to deliver malware and compromise user endpoints, you don’t have to be a genius or have years of hacking expertise. It’s all available for sale.

Trusteer’s security team has recently identified a new offering from a Russian cybercrime forum member: An exploit that is successful 95 percent of the time, according to the seller, which might be related to the stability of the exploit implementation. According to the post, which appeared on a Russian cybercrime forum, the new exploit targets an Adobe Flash Player vulnerability (CVE_2014_0497). Adobe provided a critical patch for this vulnerability on Feb. 4 after an exploit targeting this vulnerability was already seen in the wild.

By exploiting this vulnerability, an attacker can execute arbitrary code and potentially gain remote control of the affected system. The seller, who calls himself “insomnius,” writes that the exploit is 95 percent successful on Internet Explorer (IE) and Firefox (FF). His post, translated from the original Russian, read: “I am selling source code CVE-2014-0497, it is working ~95 percent on IE and FF. All information about current exploit is in the first post.”

Unfortunately, the seller went dark after posting this message so we were unable to get further details about the offer. It could be because exploits targeting this vulnerability have already been included in exploit kits, thus making them highly accessible; likewise, it could also be because the exploit had already been sold to someone else.

If a Patch Exists, Why Are Cybercrime Exploits Successful?

You are probably wondering, “Why would hackers be interested in an exploit if a patch for the vulnerability already exists? Why can it still be successfully exploited?”

The sad reality is that many user endpoints are not properly patched. IT groups struggle to ensure that patches are deployed on all machines, especially those that travel in and out of the organization. Worse, the applications that are most difficult to patch are common applications like Java, Adobe Acrobat and Flash, which can be found on most user endpoints. Other common applications like Microsoft Word, Excel, Outlook, browsers and even media players all have vulnerabilities that can be exploited. Because it is so difficult to manage patches for all the different applications and versions running within the enterprise, many user machines remain vulnerable. The reality is that 60 percent of the exploits target vulnerabilities that have been known for over 12 months.

The worst are zero-day exploits, which target vulnerabilities that are not publicly known. Since they are unknown, there is no patch available to prevent exploitation. Therefore, zero-day exploits have very high success rate and are very valuable in the underground.

Download Free e-Book: Stopping Zero-Day Exploits For Dummies

More from Software Vulnerabilities

Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1

Command & Control (C2) frameworks are a very sensitive component of Red Team operations. Often, a Red Team will be in a highly privileged position on a target’s network, and a compromise of the C2 framework could lead to a compromise of both the red team operator’s system and control over beacons established on a target’s systems. As such, vulnerabilities in C2 frameworks are high priority targets for threat actors and Counterintelligence (CI) operations. On September 20, 2022, HelpSystems published…

Controlling the Source: Abusing Source Code Management Systems

For full details on this research, see the X-Force Red whitepaper “Controlling the Source: Abusing Source Code Management Systems”. This material is also being presented at Black Hat USA 2022. Source Code Management (SCM) systems play a vital role within organizations and have been an afterthought in terms of defenses compared to other critical enterprise systems such as Active Directory. SCM systems are used in the majority of organizations to manage source code and integrate with other systems within the…

X-Force Research Update: Top 10 Cybersecurity Vulnerabilities of 2021

From 2020 to 2021, there was a 33% increase in the number of reported incidents caused by vulnerability exploitation, according to the 2022 X-Force Threat Intelligence Index. A large percentage of these exploited vulnerabilities were newly discovered; in fact, four out of the top five vulnerabilities in 2021 were newer vulnerabilities. Vulnerability exploitation was the second most common initial infection vector observed by IBM Security X-Force in 2021, falling closely behind phishing. Cybercriminals are finding new ways of bypassing security…

How Log4j Vulnerability Could Impact You

MITIGATION UPDATE: New vulnerability in 2.17 — CVE-2021-44832 Upgrade to 2.17.1 to mitigate this vulnerability Do NOT enable JNDI in any versions Follow: If you hadn’t heard of Apache Log4j, chances are it’s on your radar now. In fact, you may have been using it for years. Log4j is a logging library. Imagine writing your daily activities into a notebook. That notebook is Log4j. Developers and programmers use it to take notes about what’s happening on applications and servers.…