What Is an RCE? (and 9 Reasons Hackers Use Them)

 By Charles Joseph | Cybersecurity Advocate
 Last update: November 25, 2023

An RCE, or Remote Code Execution, is a type of security vulnerability that allows an attacker to execute arbitrary code on a targeted system remotely, without the need for physical access.

This type of attack can compromise the confidentiality, integrity, and availability of a system, potentially causing significant harm.

9 Reasons Hackers Use Them

Unauthorized access: RCEs provide hackers with unauthorized access to a system, enabling them to steal sensitive data or perform other malicious activities.
Privilege escalation: Once inside a system, attackers can exploit other vulnerabilities to escalate their privileges and gain higher-level access, allowing them to make more significant changes.
Data theft: RCEs can be used to steal sensitive data such as personal information, financial data, and intellectual property, which can be sold on the dark web or used for identity theft and other criminal activities.
Spreading malware: RCEs can be exploited to deliver and execute malware on the targeted system, which can be used for various purposes, including ransomware, botnets, and cryptocurrency mining.
Sabotage: Hackers can use RCEs to disrupt or destroy systems, causing financial loss and damage to an organization’s reputation.
Espionage: RCEs can be used for spying on a target, gathering intelligence, and monitoring communications.
Pivot attacks: Once a system is compromised, attackers can use it as a pivot point to launch further attacks on other systems within the network.
Creating a backdoor: Hackers can use RCEs to create a backdoor into the system, allowing them to maintain persistent access for future attacks or reconnaissance.
Demonstrating capabilities: Some hackers may use RCEs to showcase their skills or to gain notoriety.

6 Examples of Remote Code Executions (RCEs):

EternalBlue (CVE-2017-0144): A critical Windows Server Message Block (SMB) vulnerability that was leveraged by the WannaCry and NotPetya ransomware attacks in 2017.
Apache Struts2 (CVE-2017-5638): This vulnerability in the Apache Struts2 web application framework allowed remote code execution through a crafted Content-Type header. The Equifax data breach in 2017 was a result of this vulnerability being exploited.
BlueKeep (CVE-2019-0708): A critical RCE vulnerability in Windows Remote Desktop Protocol (RDP) affecting older Windows versions. It allows for the spread of malware without user interaction, similar to the way EternalBlue was used.
DejaBlue (CVE-2019-1181/1182, CVE-2019-1222, and CVE-2019-1226): A group of vulnerabilities in Windows RDP, also known as BlueKeep II, impacting newer versions of Windows.
Shellshock (CVE-2014-6271): A vulnerability in the Bash shell, widely used on Linux and Unix systems, which allowed remote code execution through manipulation of environment variables.
Drupalgeddon (CVE-2018-7600 and CVE-2018-7602): Critical RCE vulnerabilities in the Drupal content management system that allowed
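
As an added example (not from the original article), here is a defender-side request-header check tied to two entries in the list above: the crafted Content-Type header used against Apache Struts2 and the environment-variable route used by Shellshock. It assumes a CGI-style server that copies request headers into environment variables; the function names, reason codes and sample requests are constructed for illustration.

```python
import re

# Bash function-definition prefix. Shellshock-era Bash parsed this out of
# environment values, and CGI-style servers copy request headers into the
# environment (assumption stated in the lead-in).
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")
# Expression delimiters have no place in a legitimate Content-Type value.
EXPRESSION = re.compile(r"[%$]\{")
# type/subtype followed by optional ;name=value parameters.
MEDIA_TYPE = re.compile(r'^[\w.+-]+/[\w.+*-]+(\s*;\s*[\w-]+=("[^"]*"|[^;\s]+))*\s*$')


def inspect_headers(headers):
    """Return (header name, reason code) findings for one request's headers."""
    findings = []
    for name, value in headers.items():
        if FUNC_DEF.search(value):
            findings.append((name, "function-definition-in-header"))
        if name.lower() == "content-type":
            if EXPRESSION.search(value):
                findings.append((name, "expression-in-content-type"))
            elif not MEDIA_TYPE.match(value):
                findings.append((name, "malformed-content-type"))
    return findings


def scan(requests):
    """Map request index -> findings, keeping only requests that were flagged."""
    return {i: f for i, r in enumerate(requests) if (f := inspect_headers(r))}


# Constructed sample requests; the flagged values are inert markers, not payloads.
SAMPLE_REQUESTS = [
    {"User-Agent": "Mozilla/5.0", "Content-Type": "multipart/form-data; boundary=----x1"},
    {"User-Agent": "() { CONSTRUCTED-INERT-SAMPLE }", "Content-Type": "text/plain"},
    {"User-Agent": "curl/8.0", "Content-Type": "%{CONSTRUCTED-INERT-SAMPLE}"},
    {"User-Agent": "curl/8.0", "Content-Type": "not a media type"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE_REQUESTS).items():
        print(index, findings)
```

A check like this is a detection heuristic for logs or a proxy layer; it complements patching the affected software and does not replace it.
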
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional