The Zero-Day Dilemma
September 27, 2021

In boxing, it’s often said that the punch you don’t see coming is the one that puts you down. Unfortunately, this adage rings just as true for cybersecurity.

Last month, Google reported that it had discovered four new zero-day exploits targeting flaws in the browsers Chrome, Safari, and Internet Explorer. These exploits are only the latest in a decades-long trend of increasing zero-day campaigns. 2021 has already surpassed the total number of attacks of previous years, with 33 exploits detected.

But what does this mean for the world of cybersecurity and how does it affect you? To answer that, it helps to have a bit of background on how we got here.

What Is a Zero-Day

A zero-day is any flaw in software, firmware, or hardware that the developer is unaware of or hasn’t had the opportunity to patch. Zero-day attacks were once strictly the domain of government-backed threat operators with the resources and expertise to find flaws and develop an exploit. However, since the 2010s, the market that trades specifically in zero-days has grown exponentially, fueled by the ever-growing demand for cyberespionage.

In a highly secretive underworld of NDAs and black hat hackers, private zero-day brokers are contracted by governments around the world and paid handsomely for the exploits they’ve created. These exploits are then used in targeted campaigns to capture sensitive information from individuals and nation-states around the world.

The Latest Incident

The three most recent campaigns that were flagged by Google’s Threat Analysis Group (TAG) fit this description.

According to Google, the two exploits that targeted flaws in Chrome (CVE-2021-21166 and CVE-2021-30551) were delivered via email to targets in Armenia. The third exploit (CVE-2021-33742) also targeted Armenian users, but through a vulnerability in Internet Explorer. The fourth and final exploit took advantage of a vulnerability in Safari (CVE-2021-1879) to compromise iOS devices and target Western European government officials.

Patches have since been released for each of the operating systems to mitigate the vulnerabilities. However, as zero-day attacks continue to rise at record pace, it is clear that we are in uncharted territory.

Why Zero-Days Are Increasing

It is difficult to identify a single reason why zero-day attacks are increasing. While Google cites increased detection as one of the main drivers of the uptick in exploits, with white hat hackers and threat analysts becoming more adept at finding vulnerabilities, there has also been an increase in the number of threat actors capable of using those same vulnerabilities to launch zero-day campaigns. This paradigm has its roots in the very heart of the zero-day dilemma: the constant game of one-upmanship played between white hats and black hats.

In her book, This Is How They Tell Me the World Ends: The Cyber Weapons Arms Race, journalist Nicole Perlroth traced the origins of the current zero-day market to an on-the-outs cybersecurity firm in 2003. In a pinch, the company started paying hackers for the exploits they handed over. The problem, they soon discovered, was that there were other interested buyers willing to pay more. And so, the zero-day market was born.

How Zero-Day Attacks Impact You

Zero-day attacks pose a major threat to security. Hackers can target vulnerabilities with exploit malware that compromises sensitive information on your computer.

In the case of the two Chrome exploits, hackers used malicious email links to direct users to attacker-controlled domains and collect information from the user’s device.

Ransomware attacks have also increased, outpacing the 2020 total in just six months of 2021. These attacks use zero-day vulnerabilities to encrypt sensitive information on a user’s or organization’s system and hold it for ransom.

Some of the most popular ransomware targets are government and financial institutions, meaning that an exploited flaw can potentially compromise the personal information of a large portion of the public.

Following a year that was marred by some high-profile cyber attacks, including the SolarWinds (SWI) and Kaseya breaches, the Colonial Pipeline hack, and the supply disruption at meatpacker JBS (OTCQX:JBSAY), President Biden called in the big boys. The CEOs of Apple (AAPL), Microsoft (MSFT) and Amazon (AMZN) held discussions at the White House on efforts to beef up cybersecurity. Bloomberg reports that other top industry players were also invited to the meeting, including the heads of Alphabet (GOOGL), IBM (IBM), Southern Co. (SO) and JPMorgan Chase (JPM).

The White House issued a National Security Memorandum that was meant to help the private sector establish new standards in beefing up their cybersecurity strongholds. The order’s primary objective is defending U.S. critical infrastructure. Reports also suggest that the executives are likely to discuss how software can drive better security in the supply chain.

How to Keep Yourself Safe

So, should you be worried? Absolutely.

Zero-day attacks are only going to increase. And while some of this increase can be attributed to improved cybersecurity measures and expeditious rollouts of patches, the rate at which new vulnerabilities are being exploited has left many IT groups struggling to keep pace.

Many of these exploits require an element of phishing. Along with the previously mentioned Chrome email exploits, the IE zero-day was delivered through distributed MHT files, and the Safari zero-day relied on malicious links sent through LinkedIn messenger. In cases like these, endpoint detection and response (EDR), which identifies and analyzes threats at the device level, has historically been enough to protect most mid-market companies.

However, a growing concern among analysts is the increase in zero-day attacks that don’t rely on social engineering techniques to gain initial access and instead target IT supply chains such as managed service providers (MSPs). Recent attacks against Kaseya and Microsoft Exchange didn’t need phishing to gain initial access and exploit vulnerabilities.

Protecting against scenarios like these requires a layered approach that unifies information collected from a multitude of points throughout the system.

CloudjacketX and The New Normal

That’s why we created CloudjacketX. An extended detection and response (XDR) system, CloudJacketXDR applies advanced AI and data-logging techniques to analyze threats across the entire system.

By increasing visibility across your hybrid, cloud or network environment, CloudjacketX detects and responds to ransomware and other advanced cyber threats. In short, it protects against zero-day exploits. Every day, cybersecurity analysts are detecting and patching more and more vulnerabilities. But this, in turn, creates a greater demand for zero-days and the operators who can exploit them.

That’s the zero-day dilemma.
