In 2021, cybersecurity experts recorded the highest number of zero-day attacks ever, more than double the number in 2020 (you may recall the ProxyLogon or PrintNightmare attacks). Trafficking in zero-day exploits is lucrative for cyber adversaries, and the growth trend is expected to continue.
A zero-day attack is an attack that exploits a software vulnerability that is not known to the software vendor or its users. Because the vulnerability is not known to the vendor, there is no patch to repair it. Since the vulnerability is not known to the software’s users, no specific protective actions are taken, presenting a land of opportunity for a threat actor equipped with a zero-day exploit. Attacks may proceed for weeks or months before investigations uncover the new exploit and vulnerability, and only then can the vendor begin to develop a patch. Until a patch is available, users are faced with an uneasy choice: attempt to mitigate the risk and keep using the vulnerable software, or disable it until it has been repaired. In many cases, circumstances dictate that the software must remain in use.
Realistically, you can’t chase something you don’t know about. The only thing you can do is rely on your security stack and hope that it can detect and respond to the activities that follow the initial exploit. The lifecycle of a zero-day vulnerability progresses through three phases:
- Discovery and Pre-Disclosure – The vulnerability is discovered and a proof of concept (PoC) is developed. Tools are written to make exploitation reliable and repeatable.
- Post-Disclosure Pre-Patch (PDPP) – Assess the impact of the vulnerability using Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). CVE is a list of publicly disclosed computer security flaws; CVSS assigns severity scores to vulnerabilities, allowing security professionals to prioritize responses and resources according to the threat.
- Post-Patch – Once you have determined whether the vulnerability is worth addressing, the final phase involves identifying any remaining (residual) risk and determining the mitigation needed as part of the change management process.
Responding to the volume and severity of zero-day vulnerabilities and the potential for them to be used in an attack is daunting for any IT team. As such, organizations must switch from a prevention mindset to a preparedness mindset. Contact us to learn how we can help your organization reduce risk accordingly.