Zero-day Threats Zeroing-in Again

Posted by Geraldine Hunt on Thu, Feb 4th, 2021

Most people have a natural fear of the unknown, perhaps that’s why IT personnel have a fear of zero-day threats and vulnerabilities.  At some point, just about every IT device or software application has a zero-day vulnerability that its vendor has yet failed to patch.   Even right now, these unknown weaknesses reside within your enterprise, waiting to be exploited by an unknown hacker residing in an unknown part of the world. 

Hackers indeed target zero-day vulnerabilities by writing malicious code to create zero-day exploits in order to carry out an assortment of malevolent deeds. Examples of zero-day exploits include: seizing unauthorized control of a device, stealing data, corrupting files or espionage.  Essentially, a zero-day attack is a threat for which there is no defense in place.  From a military perspective, it is a surprise attack.  Zero-day attacks have become so prevalent that according to a report by the cybersecurity company, Cynet, half of the malware detected in 2019 was classified as zero-day threats. For hackers that don’t have the coding skills to take advantage of these vulnerabilities, zero-day exploits can readily be purchased on the open internet market.  Prices can range from hundreds to tens of thousands of dollars. 

Once a vendor officially recognizes a zero-day vulnerability, it loses its zero-day status.  At that point, it is up to IT departments to download and install the newly released patches in order to secure and eliminate the vulnerability. 

Recent Examples of Zero-Day Attacks

If you pick an arbitrary thirty day period, you will find plenty of examples of zero-day exploits.  Here are examples that were recently announced. 

• An NTFS vulnerability in Windows 10 was identified days ago, allowing an intruder to corrupt a drive’s file system with a single command.  The exploit could be disguised within multiple delivery methods such as a Windows shortcut file, ZIP archive or batch file.  Upon executing the file, the file system is immediately corrupted and the user is prompted to restart their Windows device into an unbootable state.  The exploit goes all the way back to the 1803 version.  It is recommended that all Windows 10 devices be updated immediately in order to receive the patch.
• Don’t think that cybersecurity companies are exempt from zero-day weaknesses.  SonicWall, a highly prominent security vendor announced that it was the victim of a recent attack in which the perpetrators used a zero-day exploit found within the company’s own remote access products.  Affected products include the Secure Mobile Access line of devices that provide network gateways for small and medium sized businesses to provide access to remote users. Admins were advised to create rules to curtail the exploit until a patch is released.
• Firmware is a frequent culprit when it comes to zero-day vulnerabilities.  Just last month it was discovered that a number of D-Link VPN router models were susceptible to zero-day attacks thanks to buggy firmware.  When exploited, attackers could remotely launch a root command injection attack, allowing them to take over the device.  Beta firmware patches were quickly released to shore up the discovered weakness.
• A security team found out last month that a popular WordPress plugin was giving hackers the ability to reset passwords for admin accounts on WordPress sites.  The plugin allowed users to configure their own SMTP settings for their website’s outgoing emails. This information was then stored in a simple logfile which was accessible to intruders.  With access to the SMTP settings, the hacker could initiate a password reset for the admin account.   Unfortunately, this plugin was installed on more than 500,000 websites.  A patch was released by the company shortly after discovery. 
• Too often, users rely on endpoint security solutions to protect them against any and all desktop threats.  The problem is that even these security applications are prone to zero-day vulnerabilities as well.  Microsoft released a patch to combat a Microsoft Defender remote code execution vulnerability at the start of the New Year.  The discovered bug allowed attackers to trick users into opening a file containing malicious code. 

How to Prevent and Combat Zero-Day Attacks

The most important thing you can do to prevent zero-day attacks from occurring is to keep all devices, software, and firmware fully patched and up to date.  While there is nothing you can do to secure these unknown bugs and weaknesses from occurring, you can prevent this delivery of corresponding exploits through common attack avenues. 

A modern day email security solution such as SpamTitan can prevent users from accessing phishing emails, thus stopping them from clicking on disguised download links or malware-infected attachments.  A full service internet filtering solution such as WebTitan can prevent users from accessing risky sites and eradicate malicious code from active web sessions before they infiltrate user devices.  You can’t prevent zero-day vulnerabilities, but you can curtail their possible exploits with the right security tools.

Prevent zero-day attacks with a multi-level security; SpamTitan and WebTitan. Get in touch with a TitanHQ team member today to learn more about preventing zero-day vulnerabilities. Contact us.