Seven Ways to Reduce the Impact of Zero-Day Exploits


At the end of 2021, the Log4Shell remote code execution (RCE) exploit was discovered in a popular Java logging package, Log4j. With millions of devices and software packages affected, it became the worst cybersecurity vulnerability since the SolarWinds attack, with attacks continuing into the early months of 2022.

Log4Shell is an example of a zero-day exploit: zero-days are vulnerabilities exploited by malicious cyber actors immediately after they are discovered in devices and software products. The term “zero-day” is a reference to the number of days organizations and cyber defenders have to prepare – zero.

As cyber actors increase in sophistication, the number of zero-day exploits is increasing every year. In 2021, Mandiant found that the number of zero-days had doubled since 2019. In this article, we’ll explain where zero days are most likely to originate, and how businesses can protect themselves from harm.

Common Types of Zero-Days

Since zero-days are code-based vulnerabilities that allow remote actors to hijack devices and applications, any Internet-connected, programmable surface is susceptible to zero-day exploits. Today, common targets include:

  • Third-Party Software – third-party applications are frequently built on top of dependencies that can suffer from zero-day exploits. Since Log4Shell targeted a component in Apache Logging Services, millions of apps which depend on Apache were impacted.
  • Web Browsers – Internet users spend up to 6 hours a day online, which makes web browsers like Edge, Chrome and Firefox common targets for malicious actors seeking zero-day exploits. In 2022 alone, Google has patched seven zero-days in the Chrome browser.
  • Mobile Operating Systems – compromised mobile devices are a great source of sensitive data which makes them a major target for nation-state actors. Zero-day exploits often surface in iOS, Android and other mobile operating systems; worse, they can go undiscovered for years before they are patched.
  • Network Edge Devices – routers and switches regularly fall victim to zero days which enable cyber actors to bypass protocols and WPA encryption. In 2018, 83% of home and enterprise routers were found to possess publicly known vulnerabilities, and today, these devices are also a favorite target for ransomware attacks.

As organizations grow more reliant on information technology (IT), the threat of zero day exploits will continue to rise – the average business deploys over 100 software-as-a-service (SaaS) apps, and at least as many connected devices. Now more than ever, businesses need to take preventive steps to protect themselves from vulnerabilities.

Reducing the Impact of Zero-Day Exploits

The danger of a zero-day exploit is exacerbated by the fact that cyber defenders cannot detect its presence based on Common Vulnerabilities and Exposures (CVEs) or attack signatures. Fortunately, there are ways to reduce the likelihood of a zero-day exploit and increase your attack preparedness.

  1. Threat Detection Systems – aside from basic cyber defenses, such as firewalls and anti-virus, organizations should adopt real-time protection in the form of inline intrusion-prevention systems (IPS). An IPS can use network intelligence to detect signs of intrusion even if it cannot identify the specific type of attack, alerting your team if a zero-day exploit is used.
  2. Egress Filtering – while filtering inbound traffic is crucial, filtering outbound traffic is equally important. This is possible with egress filtering, which can be implemented through a firewall or intrusion prevention system (IPS), enabling network admins to prevent applications on your network from reaching out to certain destinations or using unsafe protocols.
  3. Network Visibility – security teams often have limited visibility into the devices and applications that are operating across their networks. Bringing this fragmented knowledge together is essential for securing your network from exploits: keep an inventory of every device, whether IT, IoT or OT, classify and continually monitor them for configuration changes.
  4. Device Oversight – devices – including routers, switches, laptops and mobile phones – typically receive regular updates that patch zero-days when they are discovered by the malware researchers. Organizations should maintain an up-to-date inventory of all the devices connected to their network, set update policies, and replace devices that are no longer supported by the manufacturer.
  5. Third-Party Vendor Management – while no vendor can guarantee that their devices or software products won’t fall prey to a zero-day exploit, some vendors are more security conscious than others. Take inventory of your software supply chain, and research all your technology partners to ensure they are applying adequate security controls.
  6. Adopt a Zero-Trust Paradigm – when malicious actors compromise your network through a zero-day exploit, they will try to move laterally to other systems. A zero-trust security paradigm can stop them in the process by applying the principle of least privileges, and constantly verifying a user’s identity as they switch between devices and applications.
  7. Vulnerability Assessment – vulnerability assessments and penetration tests can help you to better document your IT infrastructure and remediate security gaps that increase the impact of zero-day exploits.

While there’s no way to eliminate the chance of a zero-day exploit altogether, developing a strong cybersecurity program can give your business the tools it needs to close cybersecurity gaps, eliminate risky vendors, and respond quickly in a disaster.

Partner With Cybersecurity Veterans

In today’s perilous cyber landscape, organizations need expert cybersecurity consultants to help them find and identify risks to their mission-critical assets. But with a worldwide shortage of cyber talent, finding experts has become increasingly difficult – fortunately, Securicon is here to help.

With a team comprised of veterans from the U.S. security community – including DoD, DHS and U.S. Cyber Command – we are equipped to prepare your organization for the worst, from gap analysis to compliance consulting, assessment support and audit preparation. To learn more, contact us today.

Cyber Warfare Now: Explaining the Global Threat Landscape in 2022


2021 was a very difficult year for the cybersecurity sector, with cybercrime spanning nation-state actors, lone wolves and advanced persistent threat (APT) groups. But who are the players, what are their tools, and how are their tactics changing?

Last year there were several high-profile breaches, like SolarWinds, Colonial Pipeline and dozens of others, that created severe economic and security-related issues on a global scale. Ransomware in particular made a huge impact, targeting many small and medium-sized businesses. Looking at the global threat landscape, we saw how easily critical infrastructure and supply chain security weaknesses can be targeted and exploited at an alarming rate. We also witnessed the cascading effect that a single breach of even one company’s cybersecurity platform can have on many other businesses.

Considering all the ongoing cybersecurity challenges in the world today, businesses need to stay as proactive as possible. However, cybercriminals are only getting more advanced in 2022. The global-scale internet offers a public freeway for furthering their ill intent, whether it be financial securities, government influence, or political unrest.

Cybercriminals are upping their game in 2022


Swift transformation in the digital age has brought consumers great convenience with mobile apps and e-commerce in general, especially since the COVID-19 pandemic. Cloud computing has flourished into a massive digital platform housing more remote working environments online than ever before. As such, the use of video conferencing services has already grown exponentially around the world.

As the use of these digital tools increases with time, so does the amount of data produced. Estimates from the World Bank reveal that by the end of 2022 the total annual internet traffic will have increased by about 50% from 2020, reaching approximately 4.8 zettabytes. As such, the pandemic has shown us how closely interconnected all businesses are and how increased digitalization has created new opportunities for cybercriminals and cyberattacks. In other alarming statistics to consider, corporate networks experienced 50% more cyberattack attempts per week in 2021 than in previous years, and that number will only grow in 2022. This spike is partially due to Log4j – which helped cyber attackers boost their attempts to an all-time high in Q4 2021.

Ransomware, black markets, and the geopolitical forces behind them

A growing concern for 2022 is the increasing number of ransomware gangs on the loose. Ransomware is a type of malware, or malicious software, that blocks access to data, programs, and computer files until the victim pays the attacker. Ransomware gangs have moved on from single attacks on individuals to confrontations with big companies, which sometimes have to pay out millions of dollars to get their data back.

On the black market, cryptocurrencies can be traded anonymously, which is a perfect setup for cybercriminals. In 2021, the Colonial Pipeline attack was a notorious example of this type of ransom method. Bloomberg reported that the FBI was able to recoup most of the losses from the Russian-based hacking group called REvil, allegedly blamed for the attack. Looking at cryptocurrency as a resource for cybercriminals, it is believed that as much as $5.2 billion worth of outgoing Bitcoin transactions were directly tied to ransomware payouts last year involving the top 10 most popular ransomware variants.

Back in 2020, Amazon was able to prevent the largest distributed denial of service (DDoS) cyber-attack ever recorded with its AWS Shield protection service. Even though Amazon was able to mitigate this 2.3 Tbps DDoS attack at its peak, e-commerce security experts proclaimed the event as “a warning we should not ignore.” In 2022, it’s not only e-commerce cybersecurity that we need to worry about. Political unrest between the superpowers has already prompted media outlets to make predictions of a “Cyber Cold War.” Cybercriminal activities are still unpredictable and difficult to track, especially on the geopolitical front, but every incident provides lessons for security teams to strengthen their defenses in a number of ways.

Threat actors are advancing, and your business should too

Fortunately, many smaller to medium-sized businesses are capable of predicting their vulnerabilities before real disaster strikes, but some organizations and government entities might not be so lucky. Securicon’s seasoned experts can identify the secure network and system architecture needed to protect your assets. To learn how Securicon can help your business, visit our contact page.