CVE (Common Vulnerabilities and Exposures) is a list of publicly known cybersecurity vulnerabilities and exposures. Its purpose is to facilitate the sharing of data and to alert users to the actions required to mitigate potential threats in the cyber world. Although the practice of alerting the public to new CVEs is a crucial component of contemporary cyber-security strategy, Sixgill has identified a common practice in the Dark Web underground which indicates that publishing CVEs could turn out to be a double-edged sword. From what we are seeing, cyber threat-actors are continuously searching for new vulnerabilities, and they invest considerable effort in finding ways to exploit them.
For example, Sixgill recently identified such criminal behavior involving CVE-2018-7600. On March 28, 2018, Drupal, a back-end framework used by websites worldwide, confirmed that a highly critical vulnerability (CVE-2018-7600, nicknamed "Drupalgeddon2") was affecting Drupal 8, 7, and 6 sites. Drupal explained that exploiting the vulnerability could have "a dramatic impact" on the site. It seems that this announcement alerted underground actors to the vulnerability and triggered discussions among threat-actors, who were seeking to exploit it before users had the chance to fix it.
Download this whitepaper to find out:
- How cyber threat-actors are continuously on the lookout for new vulnerabilities and trying to exploit them
- Insights into the underground discourse regarding new exploits, and how to help mitigate the threat this poses
- Recommendations regarding the Drupal vulnerability to help mitigate the threat