Zero time. Zero tolerance. Zero-day.

Issue 1 2022 Cyber Security

In 2021, zero-day attacks smashed through previous records according to researchers and experts interviewed by MIT Technology Review. The total number of zero-day exploits discovered in 2021 was 58, according to the 0Day tracking project, which was nearly double the number found in 2020 (26).

Stephen Osler.

Defined as attacks that use recently discovered security vulnerabilities to penetrate systems – the term ‘zero-day’ being the amount of time developers have to fix the vulnerability – zero-day attacks are expensive and time consuming. They are also a threat that shows no sign of slowing down, especially after the successes of 2021 and with new detection tools to identify more of them that were missed.

Perhaps one of the most important lessons learned last year was that anyone with a technical mindset and access to the right tools and software can exploit a vulnerability. They don’t need to access the Dark Web; they can download the tools they need to perpetrate a hack from a simple browser search.

This increase in ‘journeyman hacker’ is one of the biggest contributors to the rise in zero-day attacks and one of the most problematic. If anyone can become a hacker overnight with tools designed to do the work for them, then the threats will only increase as more and more people take advantage of them.

The Log4Shell example

In addition to an increase in hacker volumes, there was also a rise in hack capabilities, as evidenced by the trail of destruction left by the zero-day exploit known as Log4Shell. This exploited a Java-based logging facility used by vendors and developers called Log4j that’s essentially a library of information that can be used by hackers to cause immense damage.

When accessed, Log4j provides attackers with access to passwords and credentials, allows them to steal and lock data away, infect networks with malicious software, mine cryptocurrency, enact a distributed denial-of-service (DDoS) botnet and perpetrate ransomware attacks. The fact that Log4j is used by so many companies and developers means that it presented a huge attack surface that Log4Shell could use to cause immense damage.

Which is precisely what it did. By December 2021, this zero-day exploit had infected Minecraft servers, Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu. It was, as Arstechnica put it, a who’s who of the biggest names on the Internet.

Zero-day attacks need to be a priority for organisations, especially considering how, over the past two years, they’ve had to adopt remote ways of working and have accidentally opened up windows of opportunity for cybercriminals. Shopping windows for them, problems for the business. Cybercriminals are consistently on the prowl for zero-day exploits because that’s their job – just as it’s now the company’s job to consistently protect against them.

However, as much as the rapid rise in exploits is cause for concern, it’s equally a cause for celebration - the fact that so many were found is a sign that there are better detection systems in place that are more capable of finding the exploits and helping organisations protect against them. That said, zero-day attacks are increasing which means that organisations have to plan ahead so they can handle whatever 2022 may bring.

To actively protect the business against zero-day attacks and to mitigate the damage they cause, organisations should:

• Manage vulnerabilities. There has never been a greater need for a vulnerability management programme than today. It’s important to engage in the regular scanning of assets and to prioritise vulnerability remediation using a risk-based approach. There are some superb vulnerability management tools available that allow you to focus on the full lifecycle and monitor critical assets consistently.

• Ensure they update their patches. Keep track of patches and updates to protect from, or mitigate, future attacks.

• Identify and respond. If you’re attacked or compromised, put measures in place to contain the attack, identify its root cause and ensure there is a recovery period after the attack.

• Educate the users. Many zero-day attacks occur because of human error. It’s critical that employees and colleagues practice safe online hygiene and report anything suspicious.

• Engage preventative measures. Ensure that your firewalls are updated and correctly configured and that the latest anti-virus or endpoint detection software is in place and blocking access to certain sites, attachments and emails. And again, make sure your patches are up to date.

• Invest in a cybersecurity partner. The right partner means you are protected at the right time. Security experts will have systems in place and advanced technologies at their disposal that are designed to deal with zero-day exploits. They can protect your business from attacks and minimise threats significantly.

The cybersecurity industry is evolving and innovating at pace, providing companies with the tools and support they need to keep up with the cybercriminals and zero-day exploits. Advances are happening every day, some because of mistakes made, others because of relentless investment into robust security. Yes, the threats are real and rising, but with the right partners and security support, companies don’t have to fall victim to the next zero-day attack.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Poor router security makes SMBs vulnerable to attack
Cyber Security
While major malware and ransomware incidents frequently make headlines in the media, router vulnerabilities are not as frequently publicised, but the outcomes of these violations could be immensely damaging.

Cybercriminals eye South African SMEs lack of security
Cyber Security
Just as a business owner wouldn’t underinsure a tangible business asset such as a factory, SMEs shouldn’t leave their digital assets unlocked and in plain sight of criminals.

Harnessing the power of AI-driven XDR
Cyber Security
According to AIMultiple, 90% of infosec personnel in the U.S. and Japan said they’re anticipating an increase in these automated attack campaigns, due in no small part to the public availability of AI research.

Be prepared for the increase in reconnaissance
Cyber Security
Because ransomware has become so lucrative, cybercriminals are becoming more devious and putting significantly more energy into reconnaissance.

Cybereason expands presence across sub-Saharan Africa
News Cyber Security
Cybereason has appointed Chantél Hamman as its new channel director focused on growing the company’s presence across sub-Saharan Africa.

How to weather the approaching perfect storm
Cyber Security
Cybercrime is spiking and security skills are scarce, and small and medium enterprises (SMEs) are particularly vulnerable as the financial impact of falling victim to these security breaches can result in their total collapse.

Cyber resilience is more than security
Industrial (Industry) Cyber Security IT infrastructure
Kate Mollett, regional director at Commvault Africa advises companies to guard against cyberattacks in the shipping and logistics sector using an effective recovery strategy.

Preventing cyberattacks on critical infrastructure
Industrial (Industry) Cyber Security
Cyberattacks have the potential to disrupt our lives completely, and in instances where critical national infrastructure is attacked, they could disrupt the country’s entire economy, leading to loss of life and livelihoods.

Cybersecure surveillance cameras
HiTek Security Distributors News CCTV, Surveillance & Remote Monitoring Cyber Security
Provision-ISR builds customer trust and opens up new opportunities with Check Point Quantum IoT Protect Firmware built into Provision-ISR cameras.

Why SBOMs are mission critical
Hikvision South Africa Cyber Security
When deployed and managed properly, software bill of materials can provide a 360-degree view of an organisation’s risk exposure to software supply chain threats and vulnerabilities.