Both cyberattacks and cybercrime are increasing, driven by the ongoing COVID-19 pandemic and the easy money to be made by cyber actors, who are suspected to be Russian. One of the most damaging of these attacks is Remote Code Execution (RCE), also called Arbitrary Code Execution. RCE attacks can be especially detrimental to the corporate and institutional sectors in both North America and the United Kingdom. When someone takes control of another person's device or computer, the device owner is at risk of having malware installed without their knowledge or permission.
An RCE is an attack in which an attacker remotely runs malicious code within a targeted system (e.g., a mobile device or computer) over local Wi-Fi. Although the attacker cannot physically access the device, they can still take control of the system by inserting code into it. This allows the attacker to infiltrate the device, install malware, and steal sensitive data.
RCE attacks happen as follows: first, user input is injected into a file (or string). Next, the whole package is run through the programming language's parser, which is not something web-application developers would normally do. The attack then compromises the entire web application, along with the web server, leading to the compromise of the device.
RCE attacks take several forms, including:
- Initial access: RCE attackers run commands in a public-facing application, such as installing malware or doing other things the victim cannot control.
- Denial-of-Service (DoS): RCE attackers run code to interfere with the operation of one or more applications on a system.
- Information disclosure: RCE attackers install malware or execute commands to steal data from the vulnerable device.
- Ransomware: RCE attackers hijack a person's device, steal data or files, and demand that the user "pay a ransom" to regain access to the affected device.
- Cryptomining (cryptojacking): RCE attackers use malware to mine cryptocurrency on a compromised device.
- Total control: RCE attackers may take complete control of a device, leaving the user unable to get it back.

Detecting RCE attacks: while RCE attacks are inevitable, the corporate and institutional sectors can still detect and mitigate them.
RCE attacks are a problem for organizations of any size, especially in the corporate and institutional sectors. With cybercrime increasing every day, it is important to ensure that your organization is protected from such attacks.[1]
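The mechanism described above, user input spliced into a string of source code and then run through the language's parser, shown as an added example that is not part of the original post. The "calculator" endpoint, its inputs and the hardened version are all constructed for illustration: the vulnerable handler executes whatever valid Python it is given, while the hardened handler parses the input and evaluates only numeric arithmetic, rejecting everything else before any code runs.

```python
import ast
import operator

# Constructed "calculator" endpoint: the caller's text is spliced into a
# string of source code and handed to the interpreter, the pattern the
# post describes. Any valid Python in user_input runs, not just arithmetic.
def vulnerable_calc(user_input: str):
    code = "result = " + user_input      # user input injected into a string
    namespace = {}
    exec(code, namespace)                # ...and run through the parser
    return namespace["result"]

# Hardened version: parse the input, then evaluate only a whitelist of
# node types (numbers and basic arithmetic). Names, calls, attribute
# access and imports are rejected before anything is executed.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}

def _eval_node(node):
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_eval_node(node.operand))
    raise ValueError("rejected %s: only numeric arithmetic is allowed" % type(node).__name__)

def safe_calc(user_input: str):
    try:
        tree = ast.parse(user_input, mode="eval")
    except SyntaxError as exc:
        raise ValueError("rejected: not a valid expression") from exc
    return _eval_node(tree.body)

def probe(handler, user_input: str):
    """Report whether the handler executed the input or rejected it."""
    try:
        return ("executed", handler(user_input))
    except ValueError as exc:
        return ("rejected", str(exc))

# Constructed inputs: ordinary arithmetic, and a probe that is valid Python
# but has nothing to do with arithmetic (read-only: it returns the cwd).
ARITHMETIC = "2 + 3 * 4"
PROBE = "__import__('os').getcwd()"

if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_calc), ("hardened", safe_calc)):
        print(name, probe(handler, ARITHMETIC), probe(handler, PROBE))
```

Running the block shows both handlers returning 14 for the arithmetic input, while only the vulnerable handler executes the probe; the hardened one reports it as rejected.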
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization that has long collected and analyzed cyber indicators. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://www.cybersecurityintelligence.com/blog/a-quick-guide-to-remote-code-execution-rce-6114.html