The term, “exploit,” refers, in the IT world, to programs that identify vulnerabilities. Most cyber criminals use exploit programs that exploit the vulnerabilities found. Therefore, add exploits to malicious software (malware).
What does the term “exploit” mean in detail?
- Exploit programs are also used by programmers to detect and then fix security vulnerabilities.
- Cyber criminals spread malicious exploit programs in two main ways:In advertising banners:
- After clicking on the ad, the exploit program is downloaded unnoticed.
- As files, mostly as email attachments
If a cyber criminal discovers a previously unknown security vulnerability, he or she can exploit it until it becomes known and closed by an update. But as long as the relevant update has not been installed, the vulnerability in question can be exploited.
Cyber criminals like to use so-called “exploit kits.” These include several different exploit programs that check a system for different security vulnerabilities.
Where am I most likely to encounter exploits in everyday work?
Like a lot of other malware, exploits can be found on the Internet or in your email program.
- Web banners spreading exploits can also be switched for completely reputable sites (see Malvertising).
- E-mails whose attachments contain exploits can look legitimate at first or even second glance. For example, they might seem to be from one of your customers or they might include an application. Your attention and critical handling of advertising on the Internet and with email can keep your business from being seriously damaged by exploits.
What can I do to protect myself from exploits?
Many measures to increase the cyber security of your company also protect against exploits. Especially:
- Use an ad blocker, if possible, to block banner ads.
- Never click on banner ads. If you see a very interesting ad, go to the appropriate page by typing in the URL.
- Be extremely critical with emails. Verify their authenticity at the slightest hint of suspicion, possibly in several stages. The damage that you can avert this way justifies the effort.
- Always keep your operating system, all software and especially your virus scanner up to date, installing updates as soon as possible.
- Use a firewall that blocks unwanted traffic.
“Backdoor” is an alternative access to a software program or computer. A backdoor can be installed by a legitimate software manufacturer in a program, such as to be able to access the program on behalf of a customer, despite a forgotten password.mehr lesen
Endpoint Detection and Response
Endpoint detection is intelligent security software that is installed on the end device (eg computer, smartphone, tablet) of the user, in conjunction with monitoring by IT security experts.mehr lesen