Accelerating Innovation in Cybersecurity with a Public-Private Consortium
Threat ecosystems that enable code-reuse attacks decrease the cost of developing new malicious code and increase the cost of fighting malicious code. These ecosystems are the root cause of the economic imbalance that drives many cyberattacks.
A major gap in our knowledge of threat ecosystems is that we don’t understand how to specify them. Therefore, we focus more on technology and malware aspects than on ways to mitigate the negative impacts of threat ecosystems.
This paper first reviews the literature on ecosystems and code-reuse attacks to develop a framework to specify threat ecosystems. Then the framework is used to specify the threat ecosystems that enable or control: i) attacks that package new malware using old malware code and ii) attacks where malicious code controls how "good" code is executed to create complex payloads (e.g., return-into-libc and return-oriented programming attacks). Insights gained from comparing the ecosystems that enable these two types of code-reuse attacks are presented, and suggestions for future research are proposed.