At the end of 2021, the Log4Shell remote code execution (RCE) exploit was discovered in a popular Java logging package, Log4j. With millions of devices and software packages affected, it became the worst cybersecurity vulnerability since the SolarWinds attack, with attacks continuing into the early months of 2022.
Log4Shell is an example of a zero-day exploit: zero-days are vulnerabilities exploited by malicious cyber actors immediately after they are discovered in devices and software products. The term “zero-day” is a reference to the number of days organizations and cyber defenders have to prepare – zero.
As cyber actors increase in sophistication, the number of zero-day exploits is increasing every year. In 2021, Mandiant found that the number of zero-days had doubled since 2019. In this article, we’ll explain where zero days are most likely to originate, and how businesses can protect themselves from harm.
Common Types of Zero-Days
Since zero-days are code-based vulnerabilities that allow remote actors to hijack devices and applications, any Internet-connected, programmable surface is susceptible to zero-day exploits. Today, common targets include:
- Third-Party Software – third-party applications are frequently built on top of dependencies that can suffer from zero-day exploits. Since Log4Shell targeted a component in Apache Logging Services, millions of apps which depend on Apache were impacted.
- Web Browsers – every day, Internet users spend up to 6 hours of their day online – this makes Web Browsers like Edge, Chrome and Firefox common targets for malicious actors seeking zero day exploits. In 2022 alone, Google has patched seven zero-days in the Chrome browser.
- Mobile Operating Systems – compromised mobile devices are a great source of sensitive data which makes them a major target for nation-state actors. Zero-day exploits often surface in iOS, Android and other mobile operating systems; worse, they can go undiscovered for years before they are patched.
- Network Edge Devices – routers and switches regularly fall victim to zero days which enable cyber actors to bypass protocols and WPA encryption. In 2018, 83% of home and enterprise routers were found to possess publicly known vulnerabilities, and today, these devices are also a favorite target for ransomware attacks.
As organizations grow more reliant on information technology (IT), the threat of zero day exploits will continue to rise – the average business deploys over 100 software-as-a-service (SaaS) apps, and at least as many connected devices. Now more than ever, businesses need to take preventive steps to protect themselves from vulnerabilities.
Reducing the Impact of Zero-Day Exploits
The danger of a zero-day exploit is exacerbated by the fact that cyber defenders cannot detect its presence based on Common Vulnerabilities and Exposures (CVEs) or attack signatures. Fortunately, there are ways to reduce the likelihood of a zero-day exploit and increase your attack preparedness.
- Threat Detection Systems – aside from basic cyber defenses – such as firewalls and anti-virus – organizations should adopt real-time protection in the form of inline intrusion-prevention systems (IPS). An IPS system can use network intelligence to detect signs of intrusion even if it cannot detect the specific type of attack, alerting your team if a zero-day exploit is used.
- Egress Filtering – while filtering inbound traffic is crucial, filtering outbound traffic is equally important. This is possible with egress filtering, which can be implemented through a firewall or intrusion prevention system (IPS), enabling network admins to prevent applications on your network from reaching out to certain destinations or using unsafe protocols.
- Network Visibility – security teams often have limited visibility into the devices and applications that are operating across their networks. Bringing this fragmented knowledge together is essential for securing your network from exploits: keep an inventory of every device, whether IT, IoT or OT, classify and continually monitor them for configuration changes.
- Device Oversight – devices – including routers, switches, laptops and mobile phones – typically receive regular updates that patch zero-days when they are discovered by the malware researchers. Organizations should maintain an up-to-date inventory of all the devices connected to their network, set update policies, and replace devices that are no longer supported by the manufacturer.
- Third-Party Vendor Management – while no vendor can guarantee that their devices or software products won’t fall prey to a zero-day exploit, some vendors are more security conscious than others. Take inventory of your software supply chain, and research all your technology partners to ensure they are applying adequate security controls.
- Adopt a Zero-Trust Paradigm – when malicious actors compromise your network through a zero-day exploit, they will try to move laterally to other systems. A zero-trust security paradigm can stop them in the process by applying the principle of least privileges, and constantly verifying a user’s identity as they switch between devices and applications.
- Vulnerability Assessment – vulnerability assessments and penetration tests can help you to better document your IT infrastructure and remediate security gaps that increase the impact of zero-day exploits.While there’s no way to eliminate the chance of a zero-day exploit altogether, developing a strong cybersecurity program can give your business the tools it needs to close cybersecurity gaps, eliminate risky vendors, and respond quickly in a disaster.
Partner With Cybersecurity Veterans
In today’s perilous cyber landscape, organizations need expert cybersecurity consultants to help them find and identify risks to their mission-critical assets. But with a worldwide shortage of cyber talent, finding experts has become increasingly difficult – fortunately, Securicon is here to help.
With a team comprised of veterans from the U.S security community – including DoD, DHS and the U.S Cyber Command – we are equipped to prepare your organization for the worst, from gap analysis to compliance consulting, assessment support and audit preparation. To learn more, contact us today.