Zero time. Zero tolerance. Zero-day.

Issue 1 2022 Information Security

In 2021, zero-day attacks smashed through previous records according to researchers and experts interviewed by MIT Technology Review. The total number of zero-day exploits discovered in 2021 was 58, according to the 0Day tracking project, which was nearly double the number found in 2020 (26).

Stephen Osler.

Defined as attacks that use recently discovered security vulnerabilities to penetrate systems – the term ‘zero-day’ being the amount of time developers have to fix the vulnerability – zero-day attacks are expensive and time consuming. They are also a threat that shows no sign of slowing down, especially after the successes of 2021 and with new detection tools to identify more of them that were missed.

Perhaps one of the most important lessons learned last year was that anyone with a technical mindset and access to the right tools and software can exploit a vulnerability. They don’t need to access the Dark Web; they can download the tools they need to perpetrate a hack from a simple browser search.

This increase in ‘journeyman hacker’ is one of the biggest contributors to the rise in zero-day attacks and one of the most problematic. If anyone can become a hacker overnight with tools designed to do the work for them, then the threats will only increase as more and more people take advantage of them.

The Log4Shell example

In addition to an increase in hacker volumes, there was also a rise in hack capabilities, as evidenced by the trail of destruction left by the zero-day exploit known as Log4Shell. This exploited a Java-based logging facility used by vendors and developers called Log4j that’s essentially a library of information that can be used by hackers to cause immense damage.

When accessed, Log4j provides attackers with access to passwords and credentials, allows them to steal and lock data away, infect networks with malicious software, mine cryptocurrency, enact a distributed denial-of-service (DDoS) botnet and perpetrate ransomware attacks. The fact that Log4j is used by so many companies and developers means that it presented a huge attack surface that Log4Shell could use to cause immense damage.

Which is precisely what it did. By December 2021, this zero-day exploit had infected Minecraft servers, Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu. It was, as Arstechnica put it, a who’s who of the biggest names on the Internet.

Zero-day attacks need to be a priority for organisations, especially considering how, over the past two years, they’ve had to adopt remote ways of working and have accidentally opened up windows of opportunity for cybercriminals. Shopping windows for them, problems for the business. Cybercriminals are consistently on the prowl for zero-day exploits because that’s their job – just as it’s now the company’s job to consistently protect against them.

However, as much as the rapid rise in exploits is cause for concern, it’s equally a cause for celebration - the fact that so many were found is a sign that there are better detection systems in place that are more capable of finding the exploits and helping organisations protect against them. That said, zero-day attacks are increasing which means that organisations have to plan ahead so they can handle whatever 2022 may bring.

To actively protect the business against zero-day attacks and to mitigate the damage they cause, organisations should:

• Manage vulnerabilities. There has never been a greater need for a vulnerability management programme than today. It’s important to engage in the regular scanning of assets and to prioritise vulnerability remediation using a risk-based approach. There are some superb vulnerability management tools available that allow you to focus on the full lifecycle and monitor critical assets consistently.

• Ensure they update their patches. Keep track of patches and updates to protect from, or mitigate, future attacks.

• Identify and respond. If you’re attacked or compromised, put measures in place to contain the attack, identify its root cause and ensure there is a recovery period after the attack.

• Educate the users. Many zero-day attacks occur because of human error. It’s critical that employees and colleagues practice safe online hygiene and report anything suspicious.

• Engage preventative measures. Ensure that your firewalls are updated and correctly configured and that the latest anti-virus or endpoint detection software is in place and blocking access to certain sites, attachments and emails. And again, make sure your patches are up to date.

• Invest in a cybersecurity partner. The right partner means you are protected at the right time. Security experts will have systems in place and advanced technologies at their disposal that are designed to deal with zero-day exploits. They can protect your business from attacks and minimise threats significantly.

The cybersecurity industry is evolving and innovating at pace, providing companies with the tools and support they need to keep up with the cybercriminals and zero-day exploits. Advances are happening every day, some because of mistakes made, others because of relentless investment into robust security. Yes, the threats are real and rising, but with the right partners and security support, companies don’t have to fall victim to the next zero-day attack.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

Create order from chaos
Information Security
The task of managing and interpreting vast amounts of data is akin to finding a needle in a haystack. Cyberthreats are growing in complexity and frequency, demanding sophisticated solutions that not only detect, but also prevent, malicious activities effectively.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Kaspersky finds 24 vulnerabilities in biometric access systems
Technews Publishing Information Security
Customers urged to update firmware. Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco, allowing a nefarious actor to bypass the verification process and gain unauthorised access.

Responsible AI boosts software security
Information Security
While the prevalence of high-severity security flaws in applications has dropped slightly in recent years, the risks posed by software vulnerabilities remain high, and remediating these vulnerabilities could hinder new application development.

AI and ransomware: cutting through the hype
AI & Data Analytics Information Security
It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

A strong cybersecurity foundation
Milestone Systems Information Security
The data collected by cameras, connected sensors, and video management software can make a VMS an attractive target for malicious actors; therefore, being aware of the risks of an insecure video surveillance system and how to mitigate these are critical skills.