Exploit chains explained: How and why attackers target multiple vulnerabilities

 2 years ago
source link: https://www.csoonline.com/article/3645449/exploit-chains-explained-how-and-why-attackers-target-multiple-vulnerabilities.html

Exploit chain definition

Exploit chains (also known as vulnerability chains) are cyberattacks that group together multiple exploits to compromise a target. Cybercriminals use them to breach a device or system with greater success or impact than they could achieve by focusing on a single point of entry.

“The goal with exploit chain attacks is to gain kernel/root/system level access to compromise a system in order to execute an attack,” Forrester analyst Steve Turner tells CSO. “Exploit chains allow attackers to blend in within an organization’s environment by using vulnerabilities in normal system processes bypassing numerous defenses to quickly elevate themselves,” he adds. While exploit chain attacks typically require more time, effort, and expertise for cybercriminals, chaining exploits together allows malicious actors to carry out attacks that can be increasingly difficult to remediate depending on the length and sophistication of the vulnerability sequence.

The risks of exploit chains

The risks posed by exploit chains to organizations are significant. The execution of exploit chains tends to happen quickly, and most organizations aren’t armed with the right playbooks, processes, and tools to be able to aggressively stop or contain the threat, says Turner.

“The unfortunate reality is IT security teams are burdened with the fact that almost all exploits take advantage of known vulnerabilities, and exploit chains, that have not been mitigated,” says Ortal Keizman, research team lead at Vulcan Cyber. “Vulnerability management is a massive game of whack-a-mole facing the IT security profession today and at least 56% of enterprise organizations lack the ability to remediate vulnerabilities at the speed or scale needed to protect their businesses.”
