Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

PoC Exploits Mainly Distributed via Social Media

An analysis of proof-of-concept (PoC) exploits shared online over the last year has shown that social media is the main distribution channel for PoCs, according to threat intelligence firm Recorded Future.

PoCs are developed by both researchers and threat actors — in many cases to demonstrate the existence of a software vulnerability and to show that it’s exploitable.

An analysis of proof-of-concept (PoC) exploits shared online over the last year has shown that social media is the main distribution channel for PoCs, according to threat intelligence firm Recorded Future.

PoCs are developed by both researchers and threat actors — in many cases to demonstrate the existence of a software vulnerability and to show that it’s exploitable.

A search on Recorded Future’s threat intelligence platform uncovered roughly 12,000 PoC exploit references shared on the Web since March 22, 2015. The company says this represents a near 200 percent increase compared to the previous year.

A large majority of the PoCs identified by researchers were disseminated via social media networks — primarily Twitter. In 97 percent of cases, social media has been used to share links to code repositories, paste sites, other social media networks, and deep Web forums hosting the actual PoC code. In some cases, PoC exploit references were found on code repositories, mainstream sites, blogs, forums, malware and vulnerability reporting websites, and paste sites.

The PoCs targeted technologies such as Android, DNS, SSH, FTP and OpenSSL, and products like Android phones, Windows, Linux, Internet Explorer and Firefox.

The most widely distributed PoC was for CVE-2015-7547, a serious remote code execution vulnerability in the glibc library. The flaw affects numerous products, including ones from Siemens and VMware.

Advertisement. Scroll to continue reading.

The top 10 list also includes Windows Server vulnerabilities (CVE-2015-1635, CVE-2016-0051, CVE-2015-1635), the VM escape flaw known as VENOM, the Stagefright bug in Android, and a Linux kernel vulnerability disclosed in January. The most popular types of vulnerabilities for which PoCs have been developed are buffer overflows and privilege escalations, which is not surprising considering that these flaws can be highly valuable.

“In terms of technology to defend — Windows Servers should, and probably do, keep network defenders up at night. In addition, mobile phones have (hello to our old friends, Stagefright and remote access trojans) become increasingly popular targets for POC development,” said Nick Espinoza, the author of the Recorded Future report on PoCs.

“Researchers and malicious actors focus their time on developing POCs for Web servers/services and consumer products in the Microsoft Office suite, Microsoft IE, etc. These are used across the commercial, consumer, and government sector widely,” Espinoza added.

Related Reading: ICS Flaw Disclosures at High Levels Since Stuxnet Attack

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.