Back to Main Navigation

PREDICT EXPLOITS

REDUCE COSTS

PREDICTION FOR THE CLOUD

ADVANCED CAPABILITIES

Back to Main Navigation

Resources

Predictive Threat Assessment Sign Up

Watch Now

PR1ORITY Product Demo
Back to Main Navigation

About CYR3CON

Come Join Us

CYR3CON is always looking for top talent to join our team.
View Openings
Back to Main Navigation

Take the next step to be in the know, now.

Complete the form and a member of the CYR3CON team will contact you shortly to discuss your cyber security needs.

Contact Form

Blog

Why the new Apache Struts Vulnerability will be Targeted

Posted by Paulo Shakarian on Aug 27, 2018 4:04:39 PM

Last week, a new Apache Struts vulnerability was announced (CVE-2018–11776). So the big question becomes when an exploit will become more fully weaponized. The other day, a proof-of-concept exploit was released.

At CYR3CON we’ve been focusing a lot on predicting which vulnerabilities that will be exploited — so we are looking at this as the first in a series of articles.

The thing we look at is threat — what vulnerabilities are the hackers going to target. When creating exploits, hackers have certain preferences that align with their knowledge, skills, and abilities. They want to create exploits quickly that are relevant to targets they are interested. So will hackers be interested in weaponizing CVE-2018–11776? Lets look at a few characteristics of the vulnerability and how they signify interest in the hacker community:

  • The vulnerability does not require user interaction are 13.3% more likely to be discussed by hackers
  • The vulnerability does not require privileges 6.7% more likely to be discussed by hackers
  • The vulnerability has a low attack complexity are 12.0% more likely to be discussed by hackers

The above CYR3CON platform leverages years of hacker community data (primarily deep and darkweb) communities. This data can provide insights into new vulnerabilities. All of the the above-mentioned characteristics are indicators of greater hacker interest. Taken together, we estimate a 35.3% increase in likelihood of hacker interest. Keep in mind, this resembles increase in likelihood over what is normal — which means these numbers are significant.

These factors of CVE-2018–11776 are aspects popular among hackers. It means that it is more likely for hackers to develop exploits and distribute in their communities. The impact on business? This is very comparable to the Equifax breach — it is a significant vulnerability.

With these characteristics, we can expect evolution beyond the proof-of-concept code to a more weaponized exploit such as a Metapsloit module or as part of a common malware platform.

As CYR3CON our recommendation is to mitigate this vulnerability by upgrading Apache struts. If the upgrade is planned early, it may be in-place in time prior to the recent proof-of-concept code becoming fully weaponized.

Topics: Cybersecurity, Third Party, Risk Management, Apache Struts, Vulnerability