Software Giants Report Recent Zero-Day Attacks
May 22, 2019
It can be difficult for an organization to stay ahead of attackers and the cyber threats they deploy against business assets. Working with a managed security services provider or building an in-house security operations center is a sound investment that helps protect your infrastructure and manage cyber and business risk. Security teams often include a security researcher responsible for staying current with the new malware that attackers release daily and for detecting vulnerabilities and gaps in your applications and systems. Managed detection and response programs can further increase protection by combining detection, prevention, and response services that address vulnerabilities efficiently and effectively.
Without these cybersecurity measures in place, your organization is exposed to a number of threats, including zero-day attacks and exploits. In this article we define and explain zero-day attacks and review some recent examples.
Zero-Day Attack: Defined and Explained
As Kaspersky Lab simply defines it: A zero-day exploit is a cyber-attack that occurs on the same day a weakness is discovered in software. At that point, it is exploited before a fix becomes available from its creator. Security or vulnerability researchers are usually the ones who find these vulnerabilities and security risks in software; other times it is simply an end user. Several courses of action typically follow: the finder either reports the flaw to the software vendor, warns others of it on the internet, or does both. During this window, attackers learn of the vulnerability and work to exploit it before a patch is available from the developer, resulting in a zero-day attack.
Robert Lemos, a former research engineer, describes in a recent Dark Reading article why researchers have published exploits for unpatched vulnerabilities, and how that practice has changed:
Publishing, or “dropping,” unknown vulnerabilities and exploit code used to be a popular way for vulnerability researchers to punish software vendors for a lack of focus on software security or for a lack of response to researchers’ vulnerability reports. However, as companies have increasingly taken security more seriously, and the impact of exploited vulnerabilities has grown more dire, researchers are far more likely to cooperate with software makers to fix issues, in a process known as coordinated disclosure.
Examples of Zero-Day Attacks
Recent zero-day attacks have made headlines by exploiting vulnerabilities in products from software giants Microsoft (Windows) and WhatsApp. A well-known vulnerability researcher, SandboxEscaper, who has publicly released exploits in the past, has now published exploits for four unreported flaws in Microsoft Windows that allow a local user to escalate their rights on a compromised system to those of an administrator.
Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposure Research Team, stated: “The biggest risk that I see from this vulnerability is that of an insider threat. For example, employees typically do not have administrative rights on their workstations as this might allow them to install unauthorized software or remove critical security controls. These users of course know their own password and so can trivially exploit this flaw. Bad practices like password reuse or falling for social engineering tactics like phishing could also allow an attacker to exploit this, but only if they have a way to get an interactive login on the system (e.g. WinRMI, RDP, SSH, VNC, etc.).”
WhatsApp, a mobile application used by approximately 1.5 billion people worldwide, announced in May that it had discovered a vulnerability in the messaging app that allowed attackers to inject commercial Israeli spyware onto phones by calling targets through the app’s voice-call function. WhatsApp is urging all users to upgrade to the latest version of the app and to update their mobile operating system to protect against targeted exploits designed to compromise data on the device.
To reduce the likelihood and impact of a zero-day attack in your organization, keep software current by installing the latest releases, which include security patches, and harden the security settings of operating systems, browsers, and applications.
For more information on zero-day attacks and exploits or how our MDR services can assist in detecting vulnerabilities 24×7, contact our security professionals at firstname.lastname@example.org or 855-732-8826.