Codename "Double Kill": The top cyber security vulnerability of 2018

by Nicholas Patterson, PhD


"Browser exploits are still the most effectively exploited vulnerability from 2018. With new threats to mobile and IoT in the cyber security space our focus shifts in that direction; however, we still need to keep a close eye and be vigilant on the most effective exploit avenues, such as browser exploitability."

-Dr. Nick Patterson

Cyber security issues have grown exponentially, especially over the past few years: Verizon's 2018 Data Breach Investigations Report counted 53,308 security incidents and 2,216 data breaches across 65 countries, drawing on 67 contributors. These incidents span a wide array of motivations, from hacktivism (the use of hacking and technology to promote a political agenda), such as hackers breaking into the social media accounts of journalists to spread their political viewpoint, to financial endeavours such as stealing information for profit, as in the recent attack where hackers used malware to penetrate the network of Cabrini Hospital, stole 15,000 files and demanded a ransom.


You might ask how these systems are being exploited so often and which vulnerabilities are being targeted. A report by Recorded Future gives us an insight into the top cyber security vulnerabilities from Jan 1st, 2018 until Dec 31st, 2018, covering everything from exploit kits to trojans and phishing attacks.

Key points from their findings were:

  • Microsoft-produced software was the hardest hit, accounting for 8 of the top 10 vulnerabilities (typically a focus of hackers because of the widespread use of Microsoft products).
  • Exploit kit production dropped by 50% compared to 2017 (no known reason, but it's a good sign).
  • 35 new remote access trojans were released in 2018 versus 47 in 2017. A drop, but still a high number.
  • ThreadKit was by far the most powerful exploit kit, because it houses 4 of the top 10 vulnerabilities while being relatively cheap on the dark web at $400.

In this article let's have a look at the top cyber security vulnerability of 2018: what it is, how it works and what software it impacts.

Codenamed "Double Kill", and more officially known as CVE-2018-8174, this is a Microsoft Internet Explorer vulnerability (affecting the VBScript engine) which allows hackers to corrupt the memory of a victim's system and execute arbitrary code (basically allowing the hacker to run commands on the exploited system to install software, delete files, change data or create accounts). As mentioned, Internet Explorer is the primary vulnerable software for this exploit; however, because the exploit can be launched from a number of applications such as Microsoft Office, many Windows operating systems are affected.


Image Source: NIST - National Vulnerability Database

CVE-2018-8174 is kicked into action when a user of a Windows-based system visits a malicious website crafted by a hacker. Visiting a website of this nature downloads an HTML page that contains malicious code (packaged as an MSHTML object) and executes it, resulting in your machine being exploited. It manages to bypass the VBScript protection mechanisms because this type of MSHTML object is not blacklisted, and hence the code is allowed to execute.

Thankfully Microsoft patched this serious vulnerability in May 2018 in all affected software (Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers).

As critical exploits such as these (often referred to as 0-days) pop up each year, there is not a whole lot you can do to avoid them if you are targeted until they are patched. Why is this? Often because the targets are general users, who usually don't have a large amount of cyber security education or awareness. Is there anything you can do in the meantime, before these kinds of exploits get patched? There are a few measures I suggest:

  • Educate your staff and make them aware of cyber security and how to try to avoid potential threats.
  • Some might say avoid using Microsoft products (as mentioned, these account for 8 of the top 10 vulnerabilities).
  • Remove software and services from your system/s which are not utilised or needed.
  • Patch as soon as possible; this means installing all the old patches, and new ones as they are released.
  • Use a correctly configured firewall (and intrusion detection system) to try to prevent hackers from getting access to your systems, even if they are exploited.
  • Encrypt your data so that if the hackers do get into your system/s, the data will be scrambled.
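To tie the trigger described above (VBScript code executing inside Internet Explorer) to the patching and firewall items in the list, here is an added audit-and-hardening script. It is not part of the original article and not Microsoft's or the author's code. It assumes an elevated Windows PowerShell session on a Windows 8.1/10 client, that the registry value 140C under each Internet Explorer zone key is the "Allow VBScript to run in Internet Explorer" URL action (0 = enable, 3 = disable), and that you replace the KB0000000 placeholder with the KB number(s) for the May 2018 update for your OS build from Microsoft's advisory for CVE-2018-8174 (the placeholder is not a real identifier). Zone 3 is the Internet zone and zone 4 is Restricted sites; the Intranet and Trusted zones are deliberately left untouched so internal line-of-business pages keep working.

```powershell
# Added example, not from the article: audit a Windows host for the
# CVE-2018-8174 fix and apply an interim mitigation where the fix is missing.
# Assumptions: elevated Windows PowerShell on Windows 8.1/10; the 140C value
# is IE's "Allow VBScript to run in Internet Explorer" zone action.

# --- 1. VBScript-in-IE zone setting ---------------------------------------
# IE stores per-zone URL actions under ...\Internet Settings\Zones\<n>.
# Zone 3 = Internet, Zone 4 = Restricted sites. HKCU normally overrides HKLM,
# so both hives are checked.
$ZoneKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4'
)

function Get-VBScriptZoneState {
    foreach ($key in $ZoneKeys) {
        $value = (Get-ItemProperty -Path $key -Name '140C' -ErrorAction SilentlyContinue).'140C'
        # A missing value falls back to the zone default, which on older builds
        # allows VBScript, so "missing" is reported as not hardened.
        $state = if ($value -eq 3) { 'VBScript disabled' } else { 'VBScript allowed (not hardened)' }
        [pscustomobject]@{ Key = $key; Value = $value; State = $state }
    }
}

function Disable-VBScriptInZones {
    # Interim mitigation while a host awaits the patch: block VBScript in the
    # Internet and Restricted sites zones only.
    foreach ($key in $ZoneKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '140C' -Value 3 -Type DWord
    }
}

# --- 2. Is the May 2018 security update installed? ------------------------
# PLACEHOLDER: replace with the KB article number(s) for your OS build from
# the Microsoft advisory for CVE-2018-8174.
$PatchKBs = @('KB0000000')

function Test-DoubleKillPatch {
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $PatchKBs) {
        [pscustomobject]@{ KB = $kb; Installed = ($installed -contains $kb) }
    }
}

# --- 3. Host firewall state (the "correctly configured firewall" item) -----
function Get-FirewallState {
    # Get-NetFirewallProfile ships with Windows 8 / Server 2012 and later.
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
}

# --- Run the audit ---------------------------------------------------------
Write-Host '== VBScript zone settings ==';  Get-VBScriptZoneState | Format-Table -AutoSize
Write-Host '== CVE-2018-8174 patch ==';     Test-DoubleKillPatch  | Format-Table -AutoSize
Write-Host '== Firewall profiles ==';       Get-FirewallState     | Format-Table -AutoSize

# Apply the interim mitigation only on hosts where none of the listed KBs is present.
if (-not (Test-DoubleKillPatch | Where-Object Installed)) {
    Disable-VBScriptInZones
    Write-Host 'VBScript disabled in the Internet and Restricted zones until the patch is applied.'
}
```

Run the script per host (or push it through your management tooling) and keep the zone hardening in place even after patching: the article's own point is that browser scripting remains the most effective exploit avenue, and nothing in the Internet zone should need VBScript.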

About the Author

Dr Nicholas Patterson is a Senior Lecturer at an Australian university with a PhD in Cyber Security. He also runs his own technology consulting company, Cognivity (http://www.cognivity.com.au), which brings advanced research into industry to increase capability and outcomes. His PhD earned him the Alfred Deakin medal, and he has been formally recognised with three awards for teaching excellence in 2016/2017 and 2018.


The article was originally published at: https://www.linkedin.com/pulse/cve-2018-8174-top-cyber-security-vulnerability-2018-patterson-phd/


June 26, 2019


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013