Zero time. Zero tolerance. Zero-day.

Issue 1 2022 Cyber Security

In 2021, zero-day attacks smashed through previous records according to researchers and experts interviewed by MIT Technology Review. The total number of zero-day exploits discovered in 2021 was 58, according to the 0Day tracking project, which was nearly double the number found in 2020 (26).

Stephen Osler.

Defined as attacks that use recently discovered security vulnerabilities to penetrate systems – the term ‘zero-day’ being the amount of time developers have to fix the vulnerability – zero-day attacks are expensive and time consuming. They are also a threat that shows no sign of slowing down, especially after the successes of 2021 and with new detection tools to identify more of them that were missed.

Perhaps one of the most important lessons learned last year was that anyone with a technical mindset and access to the right tools and software can exploit a vulnerability. They don’t need to access the Dark Web; they can download the tools they need to perpetrate a hack from a simple browser search.

This increase in ‘journeyman hacker’ is one of the biggest contributors to the rise in zero-day attacks and one of the most problematic. If anyone can become a hacker overnight with tools designed to do the work for them, then the threats will only increase as more and more people take advantage of them.

The Log4Shell example

In addition to an increase in hacker volumes, there was also a rise in hack capabilities, as evidenced by the trail of destruction left by the zero-day exploit known as Log4Shell. This exploited a Java-based logging facility used by vendors and developers called Log4j that’s essentially a library of information that can be used by hackers to cause immense damage.

When accessed, Log4j provides attackers with access to passwords and credentials, allows them to steal and lock data away, infect networks with malicious software, mine cryptocurrency, enact a distributed denial-of-service (DDoS) botnet and perpetrate ransomware attacks. The fact that Log4j is used by so many companies and developers means that it presented a huge attack surface that Log4Shell could use to cause immense damage.

Which is precisely what it did. By December 2021, this zero-day exploit had infected Minecraft servers, Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu. It was, as Arstechnica put it, a who’s who of the biggest names on the Internet.

Zero-day attacks need to be a priority for organisations, especially considering how, over the past two years, they’ve had to adopt remote ways of working and have accidentally opened up windows of opportunity for cybercriminals. Shopping windows for them, problems for the business. Cybercriminals are consistently on the prowl for zero-day exploits because that’s their job – just as it’s now the company’s job to consistently protect against them.

However, as much as the rapid rise in exploits is cause for concern, it’s equally a cause for celebration - the fact that so many were found is a sign that there are better detection systems in place that are more capable of finding the exploits and helping organisations protect against them. That said, zero-day attacks are increasing which means that organisations have to plan ahead so they can handle whatever 2022 may bring.

To actively protect the business against zero-day attacks and to mitigate the damage they cause, organisations should:

• Manage vulnerabilities. There has never been a greater need for a vulnerability management programme than today. It’s important to engage in the regular scanning of assets and to prioritise vulnerability remediation using a risk-based approach. There are some superb vulnerability management tools available that allow you to focus on the full lifecycle and monitor critical assets consistently.

• Ensure they update their patches. Keep track of patches and updates to protect from, or mitigate, future attacks.

• Identify and respond. If you’re attacked or compromised, put measures in place to contain the attack, identify its root cause and ensure there is a recovery period after the attack.

• Educate the users. Many zero-day attacks occur because of human error. It’s critical that employees and colleagues practice safe online hygiene and report anything suspicious.

• Engage preventative measures. Ensure that your firewalls are updated and correctly configured and that the latest anti-virus or endpoint detection software is in place and blocking access to certain sites, attachments and emails. And again, make sure your patches are up to date.

• Invest in a cybersecurity partner. The right partner means you are protected at the right time. Security experts will have systems in place and advanced technologies at their disposal that are designed to deal with zero-day exploits. They can protect your business from attacks and minimise threats significantly.

The cybersecurity industry is evolving and innovating at pace, providing companies with the tools and support they need to keep up with the cybercriminals and zero-day exploits. Advances are happening every day, some because of mistakes made, others because of relentless investment into robust security. Yes, the threats are real and rising, but with the right partners and security support, companies don’t have to fall victim to the next zero-day attack.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Turnkey data loss prevention solution
IT infrastructure Cyber Security Products
Acronis’s expertise in data protection and the managed service provider market yields an innovative, fast-track approach for the prevention of catastrophic data leaks.

The cybersecurity consolidation conundrum
Editor's Choice Cyber Security Healthcare (Industry)
Check Point discusses why less is sometimes more when it comes to securing your organisation from the innumerable cyberattacks happening every day.

Companies continue to pay multiple ransom demands
News Cyber Security
Study reveals that 80% of companies that paid a ransom demand were hit again, nearly 50% reported paying a second ransom and nearly 10% paid a third time.

DCC becomes sole Symantec distributor for South Africa
News Cyber Security
Drive Control Corporation (DCC) has been appointed the sole distributor for Symantec security solutions to the South Africa channel, and will now also be distributing Symantec into the SADC region.

The evolution of vulnerability management
Cyber Security
As organisations focus on digitally transforming their enterprises, cybersecurity professionals have been facing an expansion of their attack surface – compounded by the digital explosion during the pandemic.

VMware enhances its lateral security for multi-cloud
Technews Publishing Cyber Security
Ahead of RSA Conference 2022, VMware introduced Contexa, VMware’s full-fidelity threat intelligence capability that observes the breadth of VMware’s network, endpoint, and user technologies.

Securing mobile devices for a remote workforce
Cyber Security
As a channel to your personal data, banking and accounts, and a link to your work and business data, smartphones drive cybercriminals directly to your pocket.

XM Cyber counters attacks involving Microsoft Active Directory exploits
Cyber Security
XM Cyber unveils first solution to reveal entire attack paths across AD and other vectors, aiding remediation and continuously protecting critical assets.

How to stop the costliest internet scam
Cyber Security
While ransomware, hacking, API hacks, and all the other cybersecurity threats make headlines, it is worth remembering that the costliest internet scam is still business email compromises.

How the MITRE ATT&CK Framework has revolutionised cybersecurity
Cyber Security
The MITRE ATT&CK framework is the most widely adopted and used by industry experts; what’s more, it is free and provides businesses with a fantastic source of information to strengthen their security posture.