Tackling the complexity and security of zero-day attacks in 2022, by Stephen Osler, Co-Founder and Business Development Director at Nclose
In 2021, zero-day attacks smashed through previous records according to researchers and experts interviewed by MIT Technology Review. The total number of zero-day exploits discovered in 2021 was 58, according to the 0Day tracking project, which was nearly double the number found in 2020 (26).
Defined as attacks that use recently discovered security vulnerabilities to penetrate systems – the term ‘zero day’ being the amount of time developers have to fix the hole – zero-day attacks are expensive and time consuming.
They are also a threat that shows no sign of slowing down, especially after the successes of 2021 and with new detection tools to identify more of them that were missed.
Perhaps one of the most important lessons learned last year was that anyone with a technical mindset and access to the right tools and software can exploit a vulnerability. They don’t need to access the dark web; they can download the tools they need to perpetrate a hack from a simple browser search. This increase in journeyman hacker is one of the biggest contributors to the rise in zero-day attacks and one of the most problematic. If anyone can become a hacker overnight with tools designed to do the work for them, then the threats will only increase as more and more people take advantage of them.
In addition to an increase in hacker volumes, there was also a rise in hack capabilities, as evidenced by the trail of destruction left by the zero-day exploit known as Log4Shell. This exploited a java-based logging facility used by vendors and developers called Log4j that’s essentially a library of information that can be used by hackers to cause immense damage.
When accessed, Log4j provides attackers with access to passwords and credentials; allows them to steal and lock data away; infect networks with malicious software; mine cryptocurrency; enact a distributed denial-of-service (DDoS) botnet; and perpetrate ransomware attacks. The fact that Log4j is used by so many companies and developers means that it presented a huge attack surface that Log4Shell could use to cause immense damage.
Which is precisely what it did. By December 2021, this zero-day exploit had infected Minecraft servers, Apple, Amazon, Cloudflare, Steam, Tesla, Twitter and Baidu. It was, as Arstechnica put it, a who’s who of the biggest names on the internet.
Zero-day attacks need to be a priority for organisations, especially considering how, over the past two years, they’ve had to adopt remote ways of working and have accidentally opened up windows of opportunity for cybercriminals. Shopping windows for them, problems for the business. Cybercriminals are consistently on the prowl for zero-day exploits because that’s their job – just as it’s now the company’s job to consistently protect against them.
However, as much as the rapid rise in exploits is cause for concern, it’s equally a cause for celebration – the fact that so many were found is a sign that there are better detection systems in place that are more capable of finding the exploits and helping organisations protect against them. That said, zero-day attacks are increasing which means that organisations have to plan ahead so they can handle whatever 2022 may bring.
To actively protect the business against zero-day attacks and to mitigate the damage they cause, organisations should:
- Manage vulnerabilities. There has never been a greater need for a vulnerability management programme than today. It’s important to engage in the regular scanning of assets and to prioritise vulnerability remediation using a risk-based approach. There are some superb vulnerability management tools available that allow you to focus on the full lifecycle and monitor critical assets consistently.
- Ensure they update their patches. Keep track of patches and updates to protect from, or mitigate, future attacks.
- Identify and respond. If you’re attacked or compromised, put measures in place to contain the attack, identify its root cause, and ensure there is a recovery period after the attack.
- Educate the users. Many zero-day attacks occur because of human error. It’s critical that employees and colleagues practice safe online hygiene and report anything suspicious.
- Engage preventative measures. Ensure that your firewalls are updated and correctly configured and that the latest anti-virus or endpoint detection software is in place and blocking access to certain sites, attachments, and emails. And again, make sure your patches are up to date.
- Invest into a cybersecurity partner. The right partner means you are protected at the right time. Security experts will have systems in place and advanced technologies at their disposal that are designed to deal with zero-day exploits. They can protect your business from attacks and minimise threats significantly.
The cybersecurity industry is evolving and innovating at pace, providing companies with the tools and support they need to keep up with the cybercriminals and zero-day exploits. Advances are happening every day, some because of mistakes made, others because of relentless investment into robust security. Yes, the threats are real and rising, but with the right partners and security support, companies don’t have to fall victim to the next zero-day attack.