No one likes it when their security systems are compromised. What is worse is when you thought you were safe. You might think you have the best antivirus and threat detection systems. You might think you have the best possible data monitoring and real-time threat awareness. Maybe you even have defenses set up for insider threat detection. All of these things are very important. If you do not have these things rock-solid, you either are, will be, or have been hacked. Attackers might want your product data, trade secrets, and employee data.
No matter who your security firm is, or what software you have, they will try. You need to make sure you have a conversation about return-oriented programming, or ROP for short. This is a little-talked-about form of attack that sophisticated bad actors can and do use. If you are familiar with this, good! If this is your first time reading about return-oriented programming, be prepared to talk to your staff in the morning.
Return-oriented programming is a method in which an attacker takes control of a call stack and then chains together existing instruction sequences to get the machine or device to do as they wish. This may sound like stack smashing (and is similar), but ROP exploits are more advanced and thus more likely to go undetected.

It is hard to believe that these sorts of attacks have been going on for years. You would think that once this method was discovered, the threats could be easily removed. While hard to believe, it is really only in the last decade that these attacks have been taken seriously. The problem with detection and removal is that you have potentially millions of lines of code that an attacker can inconspicuously repurpose to do malicious things. This is a relatively new game of cat and mouse, with theories and techniques appearing around the mid-2000s. This is why some of you reading this have never heard of such an attack. It doesn't get the same front-page news as ransomware, but you had better believe the two can be connected.
Let’s Get Some Help Here!
One of the best ways to protect against a ROP attack is to have your unaligned free-branch instructions (think RET or CALL) removed. This automatically shuts a door that could otherwise be walked right into. You can place your code in random, changing cloud-based locations. You can have your stack protocols include checkpoint-to-checkpoint sign-off. There are enterprise-wide solutions that can be tailored specifically to your operations. The best way to prepare your defenses is to work with an industry leader like apriority to advise on and prepare your defenses for such attacks.
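The two points above, that a ROP chain is built from instruction sequences ending in a free-branch instruction, and that removing unaligned free-branch bytes shuts that door, are easier to see on a concrete byte stream. The following is an added example, not code from the original article or from any vendor it mentions. It hand-assembles a constructed 32-bit x86 instruction stream (so the intended instruction boundaries are known without a disassembler), audits it for RET/CALL/JMP opcode bytes, flags the ones that sit at offsets the compiler never intended as instruction starts, and shows one manual rewrite that removes such a byte while preserving the result in EAX. Mnemonics, byte encodings and function names are the author's own for this illustration; a real audit would run the same check over a disassembler's output for an entire binary.

```python
"""Audit a code blob for unaligned free-branch opcodes (32-bit x86).

Constructed example: the instruction streams below are hand-assembled so the
instruction boundaries are known exactly. Byte values that happen to decode
as RET/CALL/JMP when read from an unintended offset are what a ROP chain can
reuse; a compiler-side rewrite that avoids emitting them removes those gadgets.
"""
from typing import List, Set, Tuple

# One-byte opcodes that terminate a ROP gadget ("free branch" instructions).
RET_OPCODES = {0xC3: "ret", 0xC2: "ret imm16"}
# 0xFF followed by a ModRM byte whose reg field is 2 (call r/m32) or 4 (jmp r/m32).
INDIRECT_OPCODE = 0xFF
INDIRECT_REG_FIELDS = {2: "call r/m32", 4: "jmp r/m32"}

Instr = Tuple[bytes, str]  # (encoding, mnemonic) -- constructed by hand below


def boundaries(stream: List[Instr]) -> Set[int]:
    """Offsets at which the compiler intended an instruction to start."""
    starts, pos = set(), 0
    for enc, _ in stream:
        starts.add(pos)
        pos += len(enc)
    return starts


def find_free_branches(stream: List[Instr]) -> List[Tuple[int, str, bool]]:
    """Return (offset, mnemonic, aligned) for every free-branch opcode byte.

    aligned=False means the byte lies inside another instruction (e.g. an
    immediate) and only decodes as a branch when execution lands mid-instruction.
    """
    blob = b"".join(enc for enc, _ in stream)
    starts = boundaries(stream)
    hits = []
    for off, b in enumerate(blob):
        if b in RET_OPCODES:
            hits.append((off, RET_OPCODES[b], off in starts))
        elif b == INDIRECT_OPCODE and off + 1 < len(blob):
            reg = (blob[off + 1] >> 3) & 7  # ModRM reg field selects call/jmp
            if reg in INDIRECT_REG_FIELDS:
                hits.append((off, INDIRECT_REG_FIELDS[reg], off in starts))
    return hits


def unaligned_count(stream: List[Instr]) -> int:
    """Number of free-branch bytes an attacker could reach at unintended offsets."""
    return sum(1 for _, _, aligned in find_free_branches(stream) if not aligned)


# Constructed "before" stream: the immediate 0xC3 of the MOV is itself a RET byte.
BEFORE: List[Instr] = [
    (b"\xB8\xC3\x00\x00\x00", "mov eax, 0xC3"),  # 0xC3 at offset 1 = unaligned ret
    (b"\x31\xC9", "xor ecx, ecx"),
    (b"\x58", "pop eax"),
    (b"\xC3", "ret"),                            # the function's legitimate ret
]

# Constructed "after" stream: same value in EAX, but no 0xC3 inside an immediate.
# 0x48 is DEC EAX in 32-bit mode (in 64-bit mode it would be a REX prefix).
# Caveat: DEC writes the arithmetic flags, so this rewrite is only valid where
# the flags are dead, which is the kind of check a real rewriter must perform.
AFTER: List[Instr] = [
    (b"\xB8\xC4\x00\x00\x00", "mov eax, 0xC4"),
    (b"\x48", "dec eax"),                        # eax = 0xC3 without a 0xC3 byte
    (b"\x31\xC9", "xor ecx, ecx"),
    (b"\x58", "pop eax"),
    (b"\xC3", "ret"),
]


def report(name: str, stream: List[Instr]) -> str:
    lines = [f"{name}: {unaligned_count(stream)} unaligned free-branch byte(s)"]
    for off, mn, aligned in find_free_branches(stream):
        lines.append(f"  offset {off:2d}: {mn:10s} {'aligned' if aligned else 'UNALIGNED'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("before", BEFORE))
    print(report("after", AFTER))
```

The aligned `ret` that ends the function is still reported, because it is a real instruction and remains a gadget terminator; removing unaligned bytes shrinks the gadget surface but does not eliminate it, which is why the article pairs this with stack checkpointing and randomized placement.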
The world of cybersecurity is ever-changing.
There will always be bad guys trying to outsmart the good guys. Even today, someone is exploiting the latest, greatest "security measure". This has been going on since the dawn of time. You need to have a proactive attitude towards your security. Do not assume that because you are protected, your code and stacks are safe.