Zero time. Zero tolerance. Zero-day.

Issue 1 2022 Information Security

In 2021, zero-day attacks smashed through previous records according to researchers and experts interviewed by MIT Technology Review. The total number of zero-day exploits discovered in 2021 was 58, according to the 0Day tracking project, which was nearly double the number found in 2020 (26).


Stephen Osler.

Defined as attacks that use recently discovered security vulnerabilities to penetrate systems – the term ‘zero-day’ being the amount of time developers have to fix the vulnerability – zero-day attacks are expensive and time consuming. They are also a threat that shows no sign of slowing down, especially after the successes of 2021 and with new detection tools to identify more of them that were missed.

Perhaps one of the most important lessons learned last year was that anyone with a technical mindset and access to the right tools and software can exploit a vulnerability. They don’t need to access the Dark Web; they can download the tools they need to perpetrate a hack from a simple browser search.

This increase in ‘journeyman hacker’ is one of the biggest contributors to the rise in zero-day attacks and one of the most problematic. If anyone can become a hacker overnight with tools designed to do the work for them, then the threats will only increase as more and more people take advantage of them.

The Log4Shell example

In addition to an increase in hacker volumes, there was also a rise in hack capabilities, as evidenced by the trail of destruction left by the zero-day exploit known as Log4Shell. This exploited a Java-based logging facility used by vendors and developers called Log4j that’s essentially a library of information that can be used by hackers to cause immense damage.

When accessed, Log4j provides attackers with access to passwords and credentials, allows them to steal and lock data away, infect networks with malicious software, mine cryptocurrency, enact a distributed denial-of-service (DDoS) botnet and perpetrate ransomware attacks. The fact that Log4j is used by so many companies and developers means that it presented a huge attack surface that Log4Shell could use to cause immense damage.

Which is precisely what it did. By December 2021, this zero-day exploit had infected Minecraft servers, Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu. It was, as Arstechnica put it, a who’s who of the biggest names on the Internet.

Zero-day attacks need to be a priority for organisations, especially considering how, over the past two years, they’ve had to adopt remote ways of working and have accidentally opened up windows of opportunity for cybercriminals. Shopping windows for them, problems for the business. Cybercriminals are consistently on the prowl for zero-day exploits because that’s their job – just as it’s now the company’s job to consistently protect against them.

However, as much as the rapid rise in exploits is cause for concern, it’s equally a cause for celebration - the fact that so many were found is a sign that there are better detection systems in place that are more capable of finding the exploits and helping organisations protect against them. That said, zero-day attacks are increasing which means that organisations have to plan ahead so they can handle whatever 2022 may bring.

To actively protect the business against zero-day attacks and to mitigate the damage they cause, organisations should:

• Manage vulnerabilities. There has never been a greater need for a vulnerability management programme than today. It’s important to engage in the regular scanning of assets and to prioritise vulnerability remediation using a risk-based approach. There are some superb vulnerability management tools available that allow you to focus on the full lifecycle and monitor critical assets consistently.

• Ensure they update their patches. Keep track of patches and updates to protect from, or mitigate, future attacks.

• Identify and respond. If you’re attacked or compromised, put measures in place to contain the attack, identify its root cause and ensure there is a recovery period after the attack.

• Educate the users. Many zero-day attacks occur because of human error. It’s critical that employees and colleagues practice safe online hygiene and report anything suspicious.

• Engage preventative measures. Ensure that your firewalls are updated and correctly configured and that the latest anti-virus or endpoint detection software is in place and blocking access to certain sites, attachments and emails. And again, make sure your patches are up to date.

• Invest in a cybersecurity partner. The right partner means you are protected at the right time. Security experts will have systems in place and advanced technologies at their disposal that are designed to deal with zero-day exploits. They can protect your business from attacks and minimise threats significantly.

The cybersecurity industry is evolving and innovating at pace, providing companies with the tools and support they need to keep up with the cybercriminals and zero-day exploits. Advances are happening every day, some because of mistakes made, others because of relentless investment into robust security. Yes, the threats are real and rising, but with the right partners and security support, companies don’t have to fall victim to the next zero-day attack.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.