Another Avalanche of Zero-Day Threats Has Arrived

Posted by Trevagh Stankard on Thu, Feb 18th, 2021

A wave of new zero-day threats is plaguing WordPress, VMware, D-Link routers, and several other software applications. The introduction of new threats makes it harder for businesses to protect data, especially now when many employees work from home. These zero-day threats can be used to steal data, take control of devices, launch distributed denial-of-service (DDoS) attacks, and obtain access credentials.

The Biggest Zero-Day Threats to Start 2021

A zero-day exploit is one that has not been seen or detected yet in the wild, so they carry some of the biggest aftermath consequences when organizations suffer from an attack. Cyber-criminals continually look for new ways to overcome defenses and exploit unknown vulnerabilities. A few notable zero-day threats were detected in December 2020, but because of the holidays many people were unaware that they need to patch their software.

The first notable zero-day threat targets a WordPress plugin named Easy WP SMTP. This plugin allows website administrators use outgoing STMP servers to send email. The plugin does not have an index.html file, so it turns on directory browsing. Directly browsing allows anyone to read the files and content stored in the directory. Easy WP SMTP kept a debugging text file in this directory, so attackers were able to reset administrator passwords from reading this file. This zero-day vulnerability affected 500,000 websites and should be patched quickly.

VMware also suffered from a zero-day vulnerability affecting its Workspace One, Identity Manager, and vRealize Suite Lifecycle Manager. Popular in the virtual machine (VM) space, VMware is used in both large server environments and personal workspaces where users need to set up a VM. The vulnerability allowed an attacker with network access to the administrative configurator on port 8443 to execute commands on the underlying operating system. This means that host providers that use VMs for customer web applications could be vulnerable to an attacker running arbitrary commands on the underlying physical machine’s operating system. This made the vulnerability a critical one that must be patched quickly.

The final large-scale zero-day vulnerability affected the popular Google Chrome browser. The vulnerability was so severe that the Department of Homeland Security (DHS) made an announcement that users should patch their system immediately. Since the Google Chrome browser has a major portion of the browser market, the vulnerability could potentially affect millions of users. The vulnerability allowed an attacker to exploit heap corruption in Chrome’s JavaScript engine using a carefully crafted HTML web page and take remote control of the remote system.

The Need for Cybersecurity Will Increase in 2021

If you don’t already have a cybersecurity strategy, your business is vulnerable to these threats as well as future zero-days. New zero-day threats are inevitable, but organizations can do their best to find strategies that will help the organization avoid them in the best way possible.

When it comes to zero-day threats, the first response should be to patch the system. The longer it takes to patch the system, the longer the window of opportunity for an attacker to compromise the system by exploiting the vulnerability. Patch management tools will help with updating software so that you don’t miss any systems that do not have the latest patches to defend against vulnerabilities. These tools are often used in large enterprise environments where administrators much ensure that hundreds of server operating systems must be patched, and thousands of user devices need updates.

One common misstep for companies is forgetting human errors and the multiple ways attackers trick employees into running malware on their system. Phishing is common in many attacks, because it gives an attacker an opening to attach malicious software to a message and get it onto the network. It only takes one misstep from an employee to give the attacker an opening for malware infection on the network.

Because phishing is such an effective tactic for attackers, organizations should always have email cybersecurity in the form of filters. Email messages with executable attachments should be filtered out and blocked from reaching the recipient’s inbox. Microsoft Office attachments should also be scanned for potential threats using macros. These messages with macro attachments can be quarantined in a safe location so that administrators can review them later for any false positives.

By using the right cybersecurity strategies, businesses can protect their data from new and current threats. Patch management and email filters are the first step towards better cybersecurity. If you have the right strategies, you greatly reduce your risk of becoming the next victim of a zero-day exploit.

Protect your organization from zero-day attacks with SpamTitan. A secure solution that anticipates new attacks using advanced, predictive technology. Start 14-day free trial of SpamTitan today.