PWN Cyber Exploit Archive – March 2019

Commentary

• Mobile payouts (due to the value of user data) exceed server payouts because often the exploit on a server is part of a complex kill chain. The app is just one step in the process. Further, remote code execution payouts of IOS are high (Apple still rules mobile). Given Apple’s closed system and tight security efforts and the demographics of its customers, gaining access is a premium service that few attackers can achieve. The scarcity of the supply of exploits drives the price up.
• Most sought after exploits are remote code execution because such exploits provide the attacker with the ability to execute malicious code and take complete control of an affected system with the privileges of the user running the application
• For messaging apps, hackers desire both remote code execution and local privilege execution, perhaps to send malicious links to other users. Given the popularity of messaging apps on mobile devices and the increased utilization of messaging between parties, hackers gain access to a device via a messaging app to enable a persistent way to collect data about a user or to dupe a user into performing additional steps to gain access to the mobile device itself.
• Virtual machine escape, defined as breaking out of a virtual machine and interacting directly with the host operating system, presents risk to enterprise private cloud deployments. Multiple CVEs exist related to proprietary deployments such as VMWare, HyperV, Oracle VirtualBox, as well as open-source emulators that perform hardware virtualization, such as QEMU.
• In summary, by purchasing an exploit on the dark web for less than $21,000, hackers can cause business disruption, reputational damage, injury, and/or significant financial loss.