{"id":2634,"date":"2021-11-01T09:00:00","date_gmt":"2021-11-01T09:00:00","guid":{"rendered":"https:\/\/sectigostore.com\/blog\/?p=2634"},"modified":"2021-10-29T18:55:45","modified_gmt":"2021-10-29T18:55:45","slug":"what-is-a-computer-exploit-and-how-does-it-work","status":"publish","type":"post","link":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/","title":{"rendered":"What Is a Computer Exploit and How Does It Work?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Would you sleep peacefully if your child monitoring app was leaking the location of your child? Probably not. The <a href=\"https:\/\/www.tripwire.com\/state-of-security\/featured\/analysis-of-a-parental-control-system\/\">security flaws<\/a> found in the Canopy app are the perfect example of vulnerabilities leading to worrying<a href=\"https:\/\/www.tripwire.com\/state-of-security\/featured\/analysis-of-a-parental-control-system\/\"><\/a> exploits. But what is a computer exploit, and how does it work?<\/h2>\n\n\n\n<p>Computer exploits are threats to both your organization and your customers when it comes to data security. Exploits are opportunities for cybercriminals to gain unauthorized access to your systems and data. But before we go into this topic more in depth, consider the following startling statistics.<\/p>\n\n\n\n<p><a href=\"https:\/\/portswigger.net\/daily-swig\/vpn-users-unmasked-by-zero-day-vulnerability-in-virgin-media-routers\"><\/a>The <a href=\"https:\/\/www.keepersecurity.com\/ponemon2020.html\">Ponemon Institute<\/a> reports that in 2020:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>51% of respondents said exploits and malware had evaded their intrusion detection systems,<\/li><li>49% said their antivirus solutions had been fooled, and<\/li><li>57% of the organizations polled worry that their remote workers are targets that bad actors can use to exploit vulnerabilities in their systems.<\/li><\/ul>\n\n\n\n<p>So, two important questions arise: what is a computer exploit? And how does it work? And what can you do to protect your organization against computer exploits?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is a Computer Exploit? Computer Exploits Explained<\/h2>\n\n\n\n<p>An exploit can be defined as an attack on an IT system or device that takes advantage of a hardware or software vulnerability. A vulnerability is a weakness of some kind \u2014 but we\u2019ll speak more to the difference between a vulnerability and an exploit momentarily. But first, let\u2019s consider a simple analogy of a car to help you better understand the concept of exploits better.<\/p>\n\n\n\n<p>Imagine your car is in the parking lot at Target. As long as its doors are locked, it is generally considered safe. It\u2019s not impossible to steal a locked car, but a thief will have to put in great effort to steal it. However, the story would be completely different if you had left a window slightly open.<\/p>\n\n\n\n<p>The window is the vulnerability through which the thief can break into your car and steal it. But how would a thief enter through a slightly open window? Well, former car thief <a href=\"https:\/\/abcnews.go.com\/Business\/things-car-thieves\/story?id=20938096\">Steve Fuller told ABC News<\/a> how he can pry open a window if he can stick his fingers through the gap.<\/p>\n\n\n\n<p>Let\u2019s compare this example to a computer exploit. If you have a vulnerability (the open window) in your software, hardware, application, or even your network, a bad actor can use their fingers (an exploit) to enter your system (your car) through that vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Is the Difference Between a Vulnerability and an Exploit?<\/h2>\n\n\n\n<p>Is there <a href=\"https:\/\/sectigostore.com\/blog\/exploit-vs-vulnerability-whats-the-difference\/\">a difference between a vulnerability and an exploit<\/a>? Yes, there is. Basically, a vulnerability is a flaw in your software or hardware that a criminal could use. This could be something as simple as having outdated software on your device.<\/p>\n\n\n\n<p>You might not be aware that the flaw in your computer system is present, but cybercriminals could be. In fact, many cybercriminals run scans to locate devices, websites, and other assets that have specific vulnerabilities.<\/p>\n\n\n\n<p>An exploit is a tool that helps a cybercriminal leverage this vulnerability to get into your system. An exploit can be designed to work on a particular vulnerability or on multiple vulnerabilities at once. It can also be customized to detect and use vulnerabilities in the system. Referring back to the car theft analogy, the open window represents the vulnerability and the bad guy sticking his fingers through it is the exploit.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does a Computer Exploit Affect Your Business?<\/h2>\n\n\n\n<p>If you own a small or medium business, you might wonder how computer exploits or exploit kits (which we\u2019ll talk about later) could harm you or your business. Well, a business organization has many devices connected to its network. While this is helpful to the business owner, it also proves to be their biggest disadvantage as cybercriminals can launch attacks using any of them.<\/p>\n\n\n\n<p>The impact of computer exploits on a small business can be listed as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Data collected and stored can be stolen and used maliciously<\/li><li>Monetary losses can occur due to downtime and loss of business<\/li><li>Reputation losses can occur as your reputation takes a beating<\/li><li>Devices and equipment linked to the devices can become damaged or inoperable<\/li><\/ul>\n\n\n\n<p>Now that we know what an exploit is and why it\u2019s so devastating for businesses, let\u2019s dive into exploring how computer exploits work.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does a Computer Exploit Work?<\/h2>\n\n\n\n<p>Computer exploits are commonly introduced to a victim\u2019s device through phishing emails, malicious applications, social engineering, or spear phishing. Once you fall for such emails, cybercriminals might be able to run the exploit program on your device. This exploit program is a way to crack your device security and gain entry, making way for the \u201creal\u201d (i.e., more devastating) malware. The rest of the work \u2014 or rather, the damage \u2014 is done by the malware.<\/p>\n\n\n\n<p>However, for cybercriminals to be able to hack into your IT system, it needs to have a vulnerability. Without a vulnerability, it is almost impossible to hack your systems. As soon as the developers find out about a vulnerability, they release updates or patches to cover it. Developers also pay a bounty to users who discover dangerous flaws in their products. For instance, <a href=\"https:\/\/www.indiatoday.in\/technology\/news\/story\/indian-girl-gets-over-rs-22-lakh-bounty-from-microsoft-for-finding-bug-in-azure-cloud-system-1820379-2021-06-28\">an Indian woman<\/a><a href=\"https:\/\/www.indiatoday.in\/technology\/news\/story\/indian-girl-gets-over-rs-22-lakh-bounty-from-microsoft-for-finding-bug-in-azure-cloud-system-1820379-2021-06-28\"><\/a><a href=\"https:\/\/www.indiatoday.in\/technology\/news\/story\/indian-girl-gets-over-rs-22-lakh-bounty-from-microsoft-for-finding-bug-in-azure-cloud-system-1820379-2021-06-28\"> was paid $30,000<\/a> for finding a bug in the Microsoft Azure cloud system.&nbsp;<\/p>\n\n\n\n<p>Many developers offer \u201cbug bounties\u201d to researchers and users who discover and report vulnerabilities and exploits. There are many legitimate hacker conferences and competitions to discover exploits in popular programs. One such competition is <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2021\/4\/2\/pwn2own-2021-schedule-and-live-results\">Pwn2Own<\/a> by Zero Day Initiative. Thousands of dollars are paid in different categories of hacking various well-known products. These types of competitions encourage the hackers to work for the betterment of the software community as a whole and the safety of consumers.<\/p>\n\n\n\n<p>By participating in legitimate competitions, the hackers can be encouraged to participate in <a href=\"https:\/\/sectigostore.com\/blog\/white-hat-hacker-ethical-hacker\/\">white hat hacking<\/a> rather than turning towards black hat hacking.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Black Hat vs White Hat Hackers Use Exploits \u2014 They Just Do So in Different Ways<\/h3>\n\n\n\n<p>Simply put, a <a href=\"https:\/\/sectigostore.com\/blog\/white-hat-hacker-ethical-hacker\/\">white hat hacker<\/a> is a person who hacks the software or the security systems of an organization to find the vulnerabilities in them. They are paid by the developers or the organization to improve the security. On the other hand, a black hat hacker works against the organization, hacking with malicious intent. So, the core <a href=\"https:\/\/sectigostore.com\/blog\/white-hat-hacker-vs-black-hat-hacker\/\">difference between the white hat hacker and the black hat hacker<\/a> boils down to intent and permission.<\/p>\n\n\n\n<p>A white hat hacker will notify the company when they find a vulnerability so that it can be patched. In many cases, they\u2019re even hired by the company to find vulnerabilities and exploits within their systems (i.e., they have the company\u2019s permission). Conversely, black hat hackers aren\u2019t authorized or given permission by companies to access their systems. Furthermore, black hat hackers don\u2019t advertise or let anybody know of their exploits for the simple reason that the developers will patch the vulnerability as soon as they know about it. When the developers patch the vulnerability, the exploit becomes useless to the hackers.<\/p>\n\n\n\n<p>A black hat hacker is a hacker who breaches the security and enters the IT systems of victims with malicious intent. Their destructive intentions make them criminals as opposed to the more ethical white hat hackers whose penetration testing and work aim to strengthen the organization\u2019s security.<\/p>\n\n\n\n<p>Once an exploit is discovered, it is added to the <a href=\"https:\/\/cve.mitre.org\/data\/downloads\/index.html\">Common Vulnerabilities and Exposures (CVE)<\/a> list.&nbsp; <a href=\"https:\/\/www.sonicwall.com\/resources\/white-papers\/2021-sonicwall-cyber-threat-report\/\">SonicWall 2021 Cyber Threat Report<\/a> provides a list of the top eight of 18,353 CVEs published in 2020. Many of the top eight exploits affected multiple products.<\/p>\n\n\n\n<p>Currently, 11.60% of CVE vulnerabilities (18847 CVEs) have a <a href=\"https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\">common vulnerability scoring system<\/a> (CVSS) score of 9-10. Higher score denotes increased risk. So, the scores suggest 18,847 (11.60%) of the vulnerabilities have highest level of risk. The following figure shows the figures from <a href=\"https:\/\/www.cvedetails.com\/\">cvedetails.com<\/a> as of Oct. 20, 2021:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"614\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-1024x614.png\" alt=\"Computer exploit graphic showcasing a breakdown of vulnerabilities organized by their CVSS score\" class=\"wp-image-2636\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-1024x614.png 1024w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-300x180.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-560x336.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-1536x921.png 1536w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-2048x1228.png 2048w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/computer-exploit-vulnerabilities-bar-chart-940x564.png 940w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption>A bar chart graphic showcasing the distribution of vulnerabilities. Data source: www.cvedetails.com.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What Are the Different Types of Computer Exploits?<\/h2>\n\n\n\n<p>So now we are clear that computer exploits are the tools with which hackers enter your computer devices to take advantage of a vulnerability. Exploits can be categorized according to the vulnerabilities they target. Let\u2019s discuss briefly different types of exploits and some preventive measures for each:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Hardware Exploits<\/h3>\n\n\n\n<p>A hardware exploit is a term used when the cybercriminal uses a vulnerability in physical hardware components to gain unauthorized access to a system. &nbsp;<\/p>\n\n\n\n<p>Vulnerabilities in hardware can lead to breached security and, ultimately, dire consequences. Many people think that cybersecurity has nothing to do with hardware; however, some hardware issues can lead to cyberattacks.<\/p>\n\n\n\n<p>Hardware-based <a class=\"wpil_keyword_link \" href=\"https:\/\/sectigostore.com\/blog\/10-different-types-of-cyber-attacks-how-they-work\/\" title=\"cyber attacks\" data-wpil-keyword-link=\"linked\">cyber attacks<\/a> take advantage of the complexity of the integrated circuits (IC) and microelectronics to gain access to a user\u2019s device without their knowledge or consent. Suppose a cybercriminal manages to change a small section of ICs during the manufacturing process. In that case, it might go unnoticed for years, and the criminal will get access to the devices of users installing that piece of hardware.<\/p>\n\n\n\n<p>Additionally, users don\u2019t often <a href=\"https:\/\/techmonitor.ai\/techonology\/cybersecurity\/time-upgrade-hardware\">upgrade <\/a><a href=\"https:\/\/techmonitor.ai\/techonology\/cybersecurity\/time-upgrade-hardware\"><\/a><a href=\"https:\/\/techmonitor.ai\/techonology\/cybersecurity\/time-upgrade-hardware\">their hardware<\/a>, which leaves them susceptible to attack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><em>How to Prevent Hardware-Based Attacks<\/em><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Upgrade your hardware regularly<\/li><li>Ensure a dust-free environment for hardware<\/li><li>Perform regular maintenance and upkeep of your hardware<\/li><li>Don\u2019t use outdated devices<\/li><li>Restrict access to your hardware<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Firmware Exploits<\/h3>\n\n\n\n<p>Another type of computer exploit that goes hand-in-hand with hardware exploits relates to firmware. A firmware exploit occurs when a cybercriminal takes advantage of a vulnerability that exists within an electronic component\u2019s pre-installed software. Examples of firmware include control systems on washing machines, programmable thermometers, and computer firmware like BIOS, and run-time abstraction service (RTAS) on IBM computers.<\/p>\n\n\n\n<p>In a firmware exploit, a cybercriminal uses malicious code to exploit a vulnerability within the firmware. This code can either create a backdoor in the system or uses a remote desktop protocol (RDP) to spy on the victim. The criminal might be able to set up a command-and-control (C&amp;C) server to snoop and manage the victim\u2019s device from a different physical location.<\/p>\n\n\n\n<p>In short, a firmware exploit can cause as much harm as hardware exploit or a software exploit. The <a href=\"https:\/\/www.wired.com\/2016\/03\/inside-cunning-unprecedented-hack-ukraines-power-grid\/\">Ukrainian Power Gride Attack<\/a> is an example of how an attack on firmware can affect an enterprise or a country as a whole.<\/p>\n\n\n\n<p>Unfortunately, the industry still has to update a lot on the firmware security front. As we are discovering new vulnerabilities in the firmware, the manufacturers are introducing the updated software. However, we have a long way to go.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Software Exploits<\/h3>\n\n\n\n<p>A software exploit is an exploit that takes advantage of a vulnerability found in the software installed on the systems of the victim. For example, your device could be running on outdated software that has a known vulnerability. Even if the manufacturer released a patch, if you don\u2019t take the time to apply the update, then an attacker can exploit that vulnerability to gain unauthorized access to your system and data. &nbsp;&nbsp;<\/p>\n\n\n\n<p>Overall, there are seven stages of software development:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"919\" height=\"286\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/stages-of-software-development.png\" alt=\"A graphic for the computer exploit blog post that illustrates the stages of the software development process, from research to testing and maintenance (and everything in between)\" class=\"wp-image-2638\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/stages-of-software-development.png 919w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/stages-of-software-development-300x93.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/stages-of-software-development-560x174.png 560w\" sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><figcaption>A basic illustration showing the stages of software development.<\/figcaption><\/figure>\n\n\n\n<p>If there are any problems at any of the stages, cybercriminals might exploit them for their own benefit. From a basic design flaw to insufficient testing, from lack of sufficient auditing to poor follow-up maintenance, every mistake can lead to the creation of vulnerabilities. Obviously, doing everything by the book doesn\u2019t guarantee 100% secure software, but following a comprehensive checking process can reduce the chances of an exploit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><em>How to Prevent Software-Based Attacks<\/em><em><\/em><\/h3>\n\n\n\n<p>Software vulnerabilities are not the responsibility of developers alone. Users also have to take responsibility for fending off attackers.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Update your software regularly<\/li><li>Use only licensed versions of software<\/li><li>Limit the use of software to the personnel who need it<\/li><li>Introduce appropriate security measures for logging in to any software<\/li><li>Develop and communicate procedures to report issues<\/li><li>Keep yourself updated on the latest attacks<\/li><li>Delete unused and obsolete software<\/li><li>Set up a system to revoke privileges from software not used for a certain period of time<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Network Exploits<\/h3>\n\n\n\n<p>A network exploit uses a vulnerability in the network of the victim to breach their security. This includes vulnerability on any layer of the network, including physical, data link, transport, or internet.<\/p>\n\n\n\n<p><a href=\"https:\/\/info.edgescan.com\/hubfs\/Edgescan2021StatsReport.pdf\">EdgeScan<\/a> reported that there was a 40% rise in remote desktop (RDP) and secure shell (SSH) exposure, probably resulting from increased remote working due to COVID-19. Organizations could make several errors while establishing and maintaining an internet network, leading to vulnerabilities. Criminals can then exploit insecure network architecture to deploy malware.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><em>How to Prevent Network Attacks<\/em><\/h3>\n\n\n\n<p>Organizations should focus on the security of their own website by having an SSL\/TLS certificate. An SSL\/TLS certificate can not only show the legitimacy of your business but also helps to enable secure communications between a website and a user\u2019s client. Without an SSL certificate, the website will be vulnerable to exploits from cybercriminals. The data in transit is up for grabs if it\u2019s not protected by an SSL\/TLS certificate.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Secure networks with strong password policies and ensure they are discoverable by authorized people only<\/li><li>Use a different network for guests<\/li><li>Build a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\">zero-trust organizational structure<\/a><\/li><li>Keep records of employees\u2019 activity on the network<\/li><li>Secure your sites with SSL\/TLS certificate<\/li><li>Train employees to use healthy network habits<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Personnel Exploits<\/h3>\n\n\n\n<p>When cybercriminals make use of vulnerabilities created by the employees of an organization, or they target the employees to phish sensitive data, the exploit is said to be personnel-based. <a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/2021-data-breach-investigations-report.pdf\">Verizon<\/a> reports that 44% of data breaches in small organizations were due to internal actors. The breaches were not only the result of espionage but also due to sheer negligence. Sometimes the \u2018oops\u2019 moments of employees cost almost as much to the organization as employee espionage.<\/p>\n\n\n\n<p>Let\u2019s quickly explore three of the risks:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Having insufficiently trained employees performing technical jobs increases your attack surface. <\/strong>Non-technical employees might not recognize vulnerabilities in software\/hardware even if they see it. They may also not be aware of the latest exploits in the market and may not be ready against zero day exploits. These users are less likely to follow cybersecurity best practices and may fall for phishing scams.<\/li><li><strong>Employees making minor misconfigurations can cause big problems. <\/strong>Poor cyber security planning and implementation processes can result in big issues for organizations.Implement cyber security policies and procedures that spells out what employees should \u2014 and should not do \u2014 regarding company devices and BYOD devices that connect to your network. Even a small slip-up can open up the doors for a cyber attack or data breach.<\/li><li><strong>Unhappy or manipulated employees can misuse their access. <\/strong>A disgruntled employee might work with a malicious outsider to get back at their employers, and manipulated or blackmailed employees might wind up doing the same for different reasons. The end result is that they can pass on sensitive information or might actually share the vulnerabilities in the system that external threats can use.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><em>How to Prevent Personnel Exploits<\/em><\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Conduct employee training sessions regularly<\/li><li>Employ appropriately trained people to work jobs that require handling sensitive data<\/li><li>Document procedures for employees to follow<\/li><li>Implement strict access and use policies<\/li><li>Address employee grievances on a regular basis<\/li><li>Compensate employees at market levels<\/li><li>Restrict access to sensitive systems and data to only those who need it for specific tasks<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Organizational Exploits<\/h3>\n\n\n\n<p>In addition to personnel and faulty IT systems, organizations might become victims to computer exploits if they don\u2019t follow some of the basic principles of cyber security. Some of these principles are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Set up the most secure IT system you can afford<\/li><li>Employ people to operate those systems well<\/li><li>Set out rules for protecting the systems and mandate your employees to follow them<\/li><li>Form concrete plans for cyber security and follow them exactly<\/li><li>Perform regular internal and external audits to find vulnerabilities in your system<\/li><\/ul>\n\n\n\n<p>If the organization follows these security rules, it will reduce the chances of computer exploits and malware attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">EternalBlue: An Example of a Real-World Exploit and Its Role in Cyber Security:<\/h2>\n\n\n\n<p><a href=\"https:\/\/gs.statcounter.com\/os-market-share\/desktop\/worldwide\">StatCounter<\/a> reports that as of September 2021, 75.4% of desktop computers use Microsoft Windows. Now, if Windows had a vulnerability and someone developed an exploit for it, these devices would be vulnerable to attack. This is exactly what happened when the National Security Agency (NSA) developed a hacking tool called EternalBlue that used a vulnerability in legacy Windows operating systems.<\/p>\n\n\n\n<p>EternalBlue exploited the server message block (SMB) protocol of Microsoft\u2019s legacy systems. Microsoft released a security patch for the vulnerability in March 2017 but, unfortunately, a hacker group called the Shadow Brokers leaked it to the world soon after in April. Despite the fact that Microsoft had released the patch for the vulnerability, many users didn\u2019t update it in time and faced the consequences. The following exploits took advantage of EternalBlue:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WannaCry<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.kaspersky.co.in\/resource-center\/threats\/ransomware-wannacry\">WannaCry<\/a> attacked users on May 12, 2017. It is considered one of the most intimidating exploits of all time. Microsoft released an emergency patch for previously unsupported operating systems (OS) the very next day, but some users still didn\u2019t update their OS due to neglect, lack of knowledge, or procrastination.<\/p>\n\n\n\n<p>WannaCry was ransomware that used EternalBlue exploit to creep into user devices. The criminals demanded ransom in Bitcoins. Security experts from the U.S. and U.K. think that WananCry originated from North Korea, and the attack is said to have affected more than 200,000 devices in 150 countries. It is considered particularly damaging as it included a transport mechanism that enabled it to spread automatically. The total damage was caused by WannaCry is not determined but is estimated to be between millions to billions of dollars.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">NotPetya<\/h3>\n\n\n\n<p>The interestingly named <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/security-awareness\/ransomware\/petya.html\">NotPetya<\/a> has many similarities to a previous piece of ransomware named Petya. Petya and NotPetya encrypted the victim\u2019s hard drive, restricting their access until the ransom was paid. However, unlike Petya, NotPetya didn\u2019t decrypt files upon the payment of the ransom.<\/p>\n\n\n\n<p>NotPetya was a state-sponsored Russian cyber attack deployed to hurt Ukraine in 2017. However, it got out of hand and victimized large corporations worldwide, including Russian state oil company Rosneft. NotPetya caused estimated damage of billions of dollars, affecting numerous countries, including the U.S., U.K., Ghana, Russia, and of course Ukraine. The U.S. government formally called the attack \u201creckless and indiscriminate.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">BadRabbit<\/h3>\n\n\n\n<p>BadRabbit ransomware preyed mostly on devices in Russia, Germany, and Ukraine, and manually used a ransomware dropper from a single server. The attack began on the morning of Oct. 24 2017, and by late evening the dropper server went down. During its course, it affected about 200 devices.<\/p>\n\n\n\n<p><a href=\"https:\/\/securelist.com\/bad-rabbit-ransomware\/82851\/\">BadRabbit<\/a> encrypted the victims\u2019 files using RSA 2048 and AES 128 CBC protocols. It was found that the victims were redirected to a malware site from a legitimate news website. Thereafter, a fake Adobe Flash Player was used to deploy the code of the malware.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Exploit Kits?<\/h2>\n\n\n\n<p>Over the years, we&#8217;ve seen a steady rise in malware attacks that make us ask, \u201care so many people suddenly mastering the evil skill of developing malware?\u201d Well, no. Not everybody who launches malware attacks actually developed the malware themselves. Oftentimes, cybercriminals make use of &#8220;crimeware,&#8221; including <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/malware-as-a-service-maas\/#:~:text=The lease of software and,as well as technical support.\">malware-as-a-service (MaaS)<\/a> and exploit kits. So, what are exploit kits?<\/p>\n\n\n\n<p>Exploit kits are tools that contain multiple exploits. These kits helps the criminal launch cyberattacks without having to go to the effort of programming individual malware and exploits. They can readily buy exploit kits from the dark web to launch attacks. This has led to an increase in cyber attacks all over the world. Recently, <a href=\"https:\/\/blog.360totalsecurity.com\/en\/purple-fox-trojan-burst-out-globally-and-infected-more-than-30000-users\/\">PurpleFox malware<\/a>, a type of malware that infects Windows systems, was discovered as being distributed through exploit kits.<\/p>\n\n\n\n<p>Depending on the services provided, the going rates that criminals charge for exploit kits vary on the dark web. Some exploit kits can not only install exploit and malware on the device but can also look for vulnerability in the software and provide the appropriate type of exploit. Once inside, the exploit kit might also launch a remote access tool (RAT), which gives the attacker remote access to your system.<\/p>\n\n\n\n<p>The monetization of malware-as-a-service can be linked to the release of the <a href=\"https:\/\/nakedsecurity.sophos.com\/exploring-the-blackhole-exploit-kit-3\/\">Blackhole exploit kit<\/a> back in 2010. Very much like software-as-a-service, Blackhole provided a ready-made kit to deal with every stage of an exploit attack in one place. The Russian distributors also offered customization of the kit to meet specific requirements of the users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Are Zero Day Exploits?<\/h2>\n\n\n\n<p>A zero day exploit is every developer\u2019s worst nightmare. This is a vulnerability in your computer program that\u2019s unknown to your organization \u2014you can\u2019t fix problems you don\u2019t know exist, right? <a href=\"https:\/\/fidusinfosec.com\/silently-unmasking-virgin-media-vpn-users-in-seconds-cve-2019-16651\/\"><\/a><\/p>\n\n\n\n<p>Developers issue patches and updates to address flaws and other vulnerabilities they discover in their software (or that researchers and white hats report to them). However, there are times when researchers and cybercriminals discover the vulnerabilities before the developers. It\u2019s good when researchers find them because they\u2019re on your side and want companies to take care of the issues before they become problems. But it\u2019s horrible when cybercriminals discover them first because they exploit the vulnerabilities to launch attacks, taking everybody by surprise.<\/p>\n\n\n\n<p>A cyberattack launched using an unknown or undisclosed vulnerability is called a zero day attack. These types of attacks take advantage of what\u2019s known as a <a href=\"https:\/\/sectigostore.com\/blog\/zero-day-what-is-a-zero-day-attack-exploit-or-vulnerability\/\">zero day exploit<\/a> or vulnerability. So far, <a href=\"https:\/\/www.zero-day.cz\/\">zero-day.cz<\/a> reports that this year has seen almost double the number of zero day exploits in nine months than during the whole of 2020.<\/p>\n\n\n\n<p>Zero day exploits are sold for millions of dollars on the dark web if they are not used directly by the people who discover them. In a shocking incident, Accuvant, an American security company, <a href=\"https:\/\/www.technologyreview.com\/2021\/09\/15\/1035813\/us-sold-iphone-exploit-uae\/\">sold an iPhone exploit to a group of mercenaries<\/a> for $1.3 million. <a href=\"https:\/\/www.reuters.com\/article\/us-usa-spying-karma-exclusive\/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idUSKCN1PO1AN?il=0\">Reuters reports<\/a> that this hack was ultimately used by the United Arab Emirates (UAE) to launch surveillance and espionage against geopolitical rivals, dissidents, and human rights activists. Another example is a<a href=\"https:\/\/fidusinfosec.com\/silently-unmasking-virgin-media-vpn-users-in-seconds-cve-2019-16651\/\"> zero day vulnerability in the Virgin Media Super Hub 3 router<\/a> that exposed the true IP addresses of VPN users, damaging their privacy.<\/p>\n\n\n\n<p>Thankfully, white hats at Google have developed a <a href=\"https:\/\/docs.google.com\/spreadsheets\/d\/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY\/edit#gid=2129022708\">Google sheet<\/a> to keep track of the zero day exploits they discover and help fellow experts. The project is dubbed <a href=\"https:\/\/googleprojectzero.blogspot.com\/p\/0day.html\">\u201cProject Zero\u201d<\/a> and its goal is to make using zero day exploits harder for attackers to achieve. The Google team tracks their own security resources along with the zero day exploits they discover in the wild. <\/p>\n\n\n\n<p>Even so, as a business owner, the onus is on you to keep your IT systems secure and updated. Abandoned or obsolete software is often targeted for zero day exploits.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"915\" height=\"571\" src=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/zero-day-vulnerability-exploit-breakdown.png\" alt=\"What is a computer exploit? This graphic illustrates the overlap between zero day vulnerabilities and zero day exploits\" class=\"wp-image-2639\" srcset=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/zero-day-vulnerability-exploit-breakdown.png 915w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/zero-day-vulnerability-exploit-breakdown-300x187.png 300w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/zero-day-vulnerability-exploit-breakdown-560x349.png 560w, https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/zero-day-vulnerability-exploit-breakdown-480x300.png 480w\" sizes=\"auto, (max-width: 915px) 100vw, 915px\" \/><figcaption>A basic illustration showing the stages of a zero day vulnerability and zero day exploit, and where they overlap.<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Final Words on What a Computer Exploit Is and How It Works<\/h2>\n\n\n\n<p>Computer exploits are programs devised by cybercriminals to take advantage of the vulnerabilities in your IT systems. As much as the software developers try to develop vulnerability-free programs, it is virtually impossible for them to do so. Cybercriminals are also experts in programming, and they find every little vulnerability to exploit and launch malware in your devices and systems.<\/p>\n\n\n\n<p>A business organization provides a large area for exploiting vulnerabilities, and therefore small and medium-sized businesses (SMBs) must be extra vigilant for their cyber security regimen.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Would you sleep peacefully if your child monitoring app was leaking the location of your child? Probably not. The security flaws found in the Canopy app are the perfect example&#8230;<\/p>\n","protected":false},"author":19,"featured_media":2643,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[213,133],"class_list":["post-2634","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-security","tag-computer-exploit","tag-exploit","post-with-tags"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Is a Computer Exploit and How Does It Work? - InfoSec Insights<\/title>\n<meta name=\"description\" content=\"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is a Computer Exploit and How Does It Work? - InfoSec Insights\" \/>\n<meta property=\"og:description\" content=\"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/\" \/>\n<meta property=\"og:site_name\" content=\"InfoSec Insights\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-01T09:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Megha Thakkar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Megha Thakkar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/\"},\"author\":{\"name\":\"Megha Thakkar\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"headline\":\"What Is a Computer Exploit and How Does It Work?\",\"datePublished\":\"2021-11-01T09:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/\"},\"wordCount\":3898,\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/what-is-a-computer-exploit-feature.jpg\",\"keywords\":[\"computer exploit\",\"Exploit\"],\"articleSection\":[\"Web Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/\",\"name\":\"What Is a Computer Exploit and How Does It Work? - InfoSec Insights\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/what-is-a-computer-exploit-feature.jpg\",\"datePublished\":\"2021-11-01T09:00:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\"},\"description\":\"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/what-is-a-computer-exploit-feature.jpg\",\"contentUrl\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/what-is-a-computer-exploit-feature.jpg\",\"width\":1600,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/what-is-a-computer-exploit-and-how-does-it-work\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a Computer Exploit and How Does It Work?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/\",\"name\":\"InfoSec Insights\",\"description\":\"SectigoStore.com Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sectigostore.com\\\/blog\\\/#\\\/schema\\\/person\\\/77f01ec498571464bae513fa5bfd42da\",\"name\":\"Megha Thakkar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g\",\"caption\":\"Megha Thakkar\"},\"description\":\"Megha can usually be found reading, writing, or watching documentaries, guaranteed to bore her family. She is a techno-freak with interests ranging from cooking to travel. A regular contributor to various web security blogs, she has earned her diploma in network-centric computing. Being a mother has taught her to speak less and write more (coz who listens to moms, right?).\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is a Computer Exploit and How Does It Work? - InfoSec Insights","description":"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/","og_locale":"en_US","og_type":"article","og_title":"What Is a Computer Exploit and How Does It Work? - InfoSec Insights","og_description":"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.","og_url":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/","og_site_name":"InfoSec Insights","article_published_time":"2021-11-01T09:00:00+00:00","og_image":[{"width":1600,"height":1000,"url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg","type":"image\/jpeg"}],"author":"Megha Thakkar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Megha Thakkar","Est. reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#article","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/"},"author":{"name":"Megha Thakkar","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da"},"headline":"What Is a Computer Exploit and How Does It Work?","datePublished":"2021-11-01T09:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/"},"wordCount":3898,"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg","keywords":["computer exploit","Exploit"],"articleSection":["Web Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/","url":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/","name":"What Is a Computer Exploit and How Does It Work? - InfoSec Insights","isPartOf":{"@id":"https:\/\/sectigostore.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#primaryimage"},"image":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg","datePublished":"2021-11-01T09:00:00+00:00","author":{"@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da"},"description":"What is a computer exploit? Exploits occur when attackers use system vulnerabilities to gain unauthorized access to your network and data.","breadcrumb":{"@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#primaryimage","url":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg","contentUrl":"https:\/\/sectigostore.com\/blog\/wp-content\/uploads\/2021\/10\/what-is-a-computer-exploit-feature.jpg","width":1600,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/sectigostore.com\/blog\/what-is-a-computer-exploit-and-how-does-it-work\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sectigostore.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What Is a Computer Exploit and How Does It Work?"}]},{"@type":"WebSite","@id":"https:\/\/sectigostore.com\/blog\/#website","url":"https:\/\/sectigostore.com\/blog\/","name":"InfoSec Insights","description":"SectigoStore.com Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sectigostore.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/sectigostore.com\/blog\/#\/schema\/person\/77f01ec498571464bae513fa5bfd42da","name":"Megha Thakkar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/390ac6e8c0915150ea845acfc11db159571a2dc74d5745edc8edacec9f996bce?s=96&d=mm&r=g","caption":"Megha Thakkar"},"description":"Megha can usually be found reading, writing, or watching documentaries, guaranteed to bore her family. She is a techno-freak with interests ranging from cooking to travel. A regular contributor to various web security blogs, she has earned her diploma in network-centric computing. Being a mother has taught her to speak less and write more (coz who listens to moms, right?)."}]}},"_links":{"self":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/2634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/comments?post=2634"}],"version-history":[{"count":4,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/2634\/revisions"}],"predecessor-version":[{"id":2645,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/posts\/2634\/revisions\/2645"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media\/2643"}],"wp:attachment":[{"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/media?parent=2634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/categories?post=2634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sectigostore.com\/blog\/wp-json\/wp\/v2\/tags?post=2634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}