When did buffer overflow attacks start?
The first buffer overflow attack occurred in November of 1988 with catastrophic effects. Known as “The Morris Worm,” [https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218] the rogue program crashed 10% of all computers with internet connectivity in a single day.
While it didn’t damage or eliminate system data, the worm was massively impactful in terms of its effects on cybersecurity awareness. Delaying military and university operations for several days to a week, the worm incurred damages that experts estimated to be between hundreds of thousands and millions of dollars, highlighting both the nation’s reliance on computer systems and the widespread inadequacy of cybersecurity measures at the time.
Are buffer overflows still relevant?
Mainstream programming practices have evolved to develop operating systems, software, and programs with built-in overflow protections. These protections include coding in an automatically protected language or using techniques that give greater attention to vulnerabilities. For example, address space layout randomization (ASLR) shuffles the locations of data areas to make buffer overflow attacks more difficult, thus undermining the propagation of worms by requiring individualized exploitation. Many programs also use canary values, which occupy unused buffers. When the canary value has been overwritten, the program recognizes that it can no longer verify the canary value and terminates or takes another action before an attack can take place.
Still, these protections can guard against buffer overflow vulnerabilities but cannot eliminate the threat. It is in the best interest of MSPs, then, that they understand how these attacks occur and what tools they can use to prevent them [https://www.solarwindsmsp.com/blog/security-why-does-a-business-need-a-third-party-email-security-offering].
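The canary check described above, modeled in C as an added example (not code from the original article). The frame layout, function names and canary constant are assumptions made for the demonstration: the canary sits between the buffer and the saved return address, and real canaries are randomized per process by the compiler and runtime.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame (constructed layout, not a real ABI):
 * [0..15] buffer | [16..23] canary | [24..31] saved return address */
enum { BUF_LEN = 16, CANARY_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
typedef struct { unsigned char bytes[FRAME_LEN]; } frame_t;

/* Function entry: place the canary between the buffer and control data. */
static void frame_enter(frame_t *f, uint64_t canary, uint64_t ret) {
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + CANARY_OFF, &canary, sizeof canary);
    memcpy(f->bytes + RET_OFF, &ret, sizeof ret);
}

/* Unchecked copy, like strcpy(): trusts the caller's length. Clamped to the
 * simulated frame so the demonstration itself stays memory-safe. */
static void copy_unchecked(frame_t *f, const void *src, size_t n) {
    if (n > FRAME_LEN) n = FRAME_LEN;
    memcpy(f->bytes, src, n);
}

/* Bounds-checked copy: rejects input that does not fit the buffer. */
static int copy_checked(frame_t *f, const void *src, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(f->bytes, src, n);
    return 0;
}

/* Function exit: 1 if the canary is intact, 0 if it was overwritten. */
static int frame_canary_ok(const frame_t *f, uint64_t canary) {
    return memcmp(f->bytes + CANARY_OFF, &canary, sizeof canary) == 0;
}

/* One call: 0 = normal return, 1 = canary clobbered (abort), 2 = input rejected. */
static int run_call(const void *input, size_t n, int checked) {
    const uint64_t canary = 0x00a5c3e17b2d4f69ULL; /* constructed value */
    frame_t f;
    frame_enter(&f, canary, 0x1000);
    if (checked) { if (copy_checked(&f, input, n) != 0) return 2; }
    else copy_unchecked(&f, input, n);
    return frame_canary_ok(&f, canary) ? 0 : 1;
}

int main(void) {
    unsigned char in[24]; memset(in, 'A', sizeof in); /* constructed input */
    printf("fits=%d overflow=%d rejected=%d\n", run_call(in, 16, 0), run_call(in, 24, 0), run_call(in, 24, 1));
    return 0;
}
```

The canary only detects the overwrite after it has happened; the bounds-checked copy prevents it, which is why the two are treated as separate layers.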
What is buffer overflow prevention?
Buffer overflow prevention can come in the form of better coding practices and security software implementation. While checking for bugs and opting for automatic language protection is helpful as a first step, the majority of programs are at risk of costly buffer overflow attacks and require a second line of defense.
SolarWinds® Remote Monitoring & Management (RMM) software was tailored to meet the needs of MSPs protecting their customers’ networks from afar [https://www.solarwindsmsp.com/products/rmm]. With data-breach risk intelligence, backup and recovery, and managed antivirus capabilities, the RMM dashboard gives MSPs a holistic view of network health while alerting them to—and guarding against—security threats like DoS attacks.
Though cybersecurity risks are constantly evolving, buffer overflow attacks have been a severe DoS threat for the last thirty years, and MSPs should know what program vulnerabilities make them possible.