Don’t Let Your Stacks Topple the Organization

No one likes it when their security systems become compromised. What is worse, is when you thought you were safe. You might think you have the best antivirus and threat detection systems. You might think you have the best possible data monitoring and real-time threat awareness. Maybe you even have defenses set up for insider threat detection. All of these things are very important. If you do not have these things rock-solid, you either are, will be or have been hacked. They might want your product data, trade secrets, and employee data.

No matter who your security firm is, or what software you have, they will try. You need to make sure you have a conversation about return-oriented programming or ROP programming for short. This is a little talked about form of attack, that sophisticated bad actors will and do use. If you are familiar with this, good! If this is your first time reading about return-oriented programming, be prepared to talk to your staff in the morning.

Return oriented programming is a method in which an attacker takes control of a call stack, and then modifies commands to get the machine or device to do as they wish. This may sound like stack smashing (and is similar) but ROP exploits are more advanced, thus more likely to go undetected. It is hard to believe that these sorts of attacks have been going on for years. You would think that once this method was discovered, the threats could be easily removed. While hard to believe, really it has been in the last decade, where these attacks have been taken seriously. The problem with detection and removal is that you have potentially millions of lines of code, that have been inconspicuously changed to do malicious things. This is a relatively new game of cat and mouse, with theories and techniques coming in about the mid-2000s. This is why some of you reading this, have never heard of such an attack. It doesn’t get the same front-page news as ransomware, but you better believe they can be connected.

Let’s Get Some Help Here!

Currently, one of the best ways to protect against a ROP attack is to have your unaligned free branch instructions (think RET or CALL) removed. This automatically shuts a door, that otherwise could be walked right into. You can place your coding in random, changing cloud-based locations. You can have your stack protocols include checkpoint to checkpoint sign off. There are enterprise-wide solutions that can be tailored specifically to your operations. The best way to prepare your defenses is to work with an industry leader like apriority, to advise and prepare your defenses for such attacks. The world of cybersecurity is ever-changing. There will always be bad guys, trying to outsmart the good guys. Even today, someone is exploiting the latest, greatest “security measure”. This has been going on since the dawn of time. You need to have a proactive attitude towards your security. Do not assume that because you are protected, your code and stacks are safe.