APT devs are LOUSY coders, says Sophos

Fear crims who invest in code for dough, not those who put themselves on show

The most infamous advanced persistent threat groups write exploits that fail more often than they work, malware bod Gabor Szappanos says.

The malware prober with SophosLabs' Hungary office examined 15 exploit-writing groups and rated six as having only basic skills.

Szappanos found that one popular exploit (CVE-2014-1761), used as a performance benchmark given its popularity with crims, failed in 70 percent of attacks that targeted Microsoft Office 2010 users with malicious text documents.

"In fact, we found that the malware groups have limited understanding of or ability to [successfully] modify the initial exploit," Szappanos said in the research document Exploit This: Evaluating the Exploit Skills of Malware Groups (PDF).

"The APT players lack deep skills of exploitation. They are quick to adopt new exploits, as samples or Metasploit modules become available, but they don't usually develop the exploit themselves and don't make significant modifications to them.

"Surprisingly, known APT groups showed less sophistication than more mainstream criminal groups."

Red exploit groups failed, green succeeded. Credit Sophos.

Six groups fell short rated 'pro' and one each was chalked up as 'advanced' and 'skilled'.

The study isn't conclusive because exploit writers generally make only enough effort to get a job done and aren't generally in the business of smashing mosquitos with hammers.

Yet Szappanos believes there is an obvious failure of quality assurance testing among advanced threat groups compared to their criminal rabble counterparts. This could be good news for high value victims and bad for general net users who are the cash cow of the latter criminal group.

Szappanos said system administrators should take the news as a calling to respond quickly to vulnerability reports to help stay ahead of targeted attacks. ®
