Zero-day exploits are becoming more common and more vicious and this is why you should be worried.

A zero-day exploit is a cyber-attack that does precisely what the name suggests: it exploits a vulnerability that the vendor and defenders do not yet know about in order to gain access to a system, platform, business or its data, and such exploits are the tastiest treats known to hackers.

In 2021, the 0-Day Tracking Project (Google's running record of zero-days detected being exploited in the wild) logged nearly double the number recorded in 2020, and of the zero-days logged in the first half of 2022, roughly half were variants of previously patched vulnerabilities.

Google's Project Zero, the team that hunts for zero-day vulnerabilities and tracks their exploitation, summed up its April 2022 review of 2021 with the observation that 'the more you know, the more you know you don't know', and that, in a nutshell, is why everyone should be worried.

“A zero-day exploit is essentially a piece of code or a method used to exploit a vulnerability for which there is no patch,” says Martin Potgieter, CIO at Nclose. “It’s so named because there have been no days, zero days, for the developer to release a patch or for security experts and systems to monitor for the vulnerability or the attack vector. This makes these attacks invaluable to cybercriminals and deadly to companies.”

Cybercriminals use zero-day exploits to gain access to systems and hold them to ransom, to steal data for sale, and to commit fraud worth millions.

Over the past year they have been written up under headlines such as the 'millionaire zero-day exploit market' and the 'rise of the million-dollar zero-day market', for good reason. And these exploits are not only used by criminals to snatch funds from big business; they are also used by governments to launch mass campaigns, influence perceptions and carry out even more nefarious and unpleasant attacks.

“Last year, there were quite a few Microsoft Exchange zero-day vulnerabilities that were found by researchers,” says Potgieter. “These researchers, be they the good guys or the bad guys, are committed to finding the vulnerabilities in this platform.

"The good guys report anything they find to Microsoft, which then sets out to fix the code, deploy a patch and notify the public. However, if an attacker finds the vulnerability, they set out to exploit it immediately, because nobody knows what to look for, or that it exists. The perfect storm."

For the business, the zero-day landscape can look like a scene from Mad Max, with attackers cutting into their systems like a hot knife through butter. However, there are steps that add layers of protection and ensure that zero-day risk is managed and, wherever possible, mitigated.

“The first is to ensure that you patch your systems consistently and that you are on top of the latest patch releases and announcements from software developers,” says Potgieter. “Vendors can be lackluster when it comes to how long they take to fix an issue and how much effort they put into it, so it’s important to prioritise this awareness and to stay ahead of patches and announcements.”

Attack attempts against a product often spike once a zero-day in it becomes public and while it remains unpatched, so it is important to watch for these shifts in detection volume in order to catch both the attempts and the vulnerabilities they target quickly. In the absence of a patch, companies have to put other controls in place to reduce the risk, such as taking the affected service offline or disabling the specific feature the exploit depends on, so that the exploit code no longer works until the system can be patched.
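As an added illustration of the shift in detection volume described above (example code written for this page, not from Nclose, Microsoft or Google): a small Python script that parses constructed web-server access-log lines, builds an hourly profile of hits and distinct source addresses for one endpoint, and flags hours whose volume exceeds a multiple of the median hourly baseline. The log lines, the `/owa/` path prefix and the threshold values are all assumptions chosen for the example; the addresses come from the RFC 5737 documentation ranges.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample access log in combined-log style. The traffic is invented
# for this example and is not taken from any real incident. Hours 10:00-13:00
# are quiet; at 14:00 eight previously unseen sources hit the same endpoint
# within two minutes, which is what a post-disclosure scanning burst looks like.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jun/2022:10:03:11 +0000] "GET /owa/ HTTP/1.1" 200 5120
203.0.113.11 - - [01/Jun/2022:10:41:52 +0000] "POST /owa/auth.owa HTTP/1.1" 302 0
198.51.100.5 - - [01/Jun/2022:10:45:00 +0000] "GET /healthz HTTP/1.1" 200 2
203.0.113.10 - - [01/Jun/2022:11:12:09 +0000] "GET /owa/ HTTP/1.1" 200 5120
203.0.113.12 - - [01/Jun/2022:11:55:30 +0000] "GET /owa/ HTTP/1.1" 200 5120
203.0.113.11 - - [01/Jun/2022:12:07:44 +0000] "GET /owa/ HTTP/1.1" 200 5120
203.0.113.10 - - [01/Jun/2022:12:30:00 +0000] "POST /owa/auth.owa HTTP/1.1" 302 0
198.51.100.5 - - [01/Jun/2022:12:45:00 +0000] "GET /healthz HTTP/1.1" 200 2
203.0.113.12 - - [01/Jun/2022:13:20:18 +0000] "GET /owa/ HTTP/1.1" 200 5120
203.0.113.10 - - [01/Jun/2022:13:58:03 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.21 - - [01/Jun/2022:14:00:01 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.22 - - [01/Jun/2022:14:00:02 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.23 - - [01/Jun/2022:14:00:02 +0000] "GET /owa/auth/logon.aspx HTTP/1.1" 200 5120
192.0.2.24 - - [01/Jun/2022:14:00:03 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.25 - - [01/Jun/2022:14:00:05 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.26 - - [01/Jun/2022:14:00:05 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.27 - - [01/Jun/2022:14:00:07 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.28 - - [01/Jun/2022:14:00:09 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.21 - - [01/Jun/2022:14:01:40 +0000] "GET /owa/ HTTP/1.1" 200 5120
192.0.2.22 - - [01/Jun/2022:14:01:41 +0000] "GET /owa/ HTTP/1.1" 200 5120
this line is deliberately malformed and must be skipped, not crash the parser
"""

# Combined-log layout: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (hour, ip, path) for a well-formed line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    hour = ts.replace(minute=0, second=0, microsecond=0)
    return hour, m["ip"], m["path"]


def hourly_profile(lines, path_prefix):
    """Hits and distinct source IPs per hour for requests under path_prefix.
    Also counts lines that could not be parsed, so a broken log is noticed."""
    hits = defaultdict(int)
    sources = defaultdict(set)
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            if line.strip():
                skipped += 1
            continue
        hour, ip, path = parsed
        if path.startswith(path_prefix):
            hits[hour] += 1
            sources[hour].add(ip)
    return hits, sources, skipped


def find_spikes(lines, path_prefix="/owa/", factor=3.0, min_hits=5):
    """Flag hours whose hit count exceeds factor x the median hourly count and
    also min_hits, so a quiet endpoint going from one hit to four is not
    reported. Returns a list of (hour, hits, distinct_sources) tuples."""
    hits, sources, _ = hourly_profile(lines, path_prefix)
    if not hits:
        return []
    baseline = statistics.median(hits.values())
    threshold = max(factor * baseline, min_hits)
    return [
        (hour.strftime("%Y-%m-%d %H:00"), n, len(sources[hour]))
        for hour, n in sorted(hits.items())
        if n > threshold
    ]


if __name__ == "__main__":
    for hour, n, distinct in find_spikes(SAMPLE_LOG.splitlines()):
        print(f"{hour}: {n} hits under /owa/ from {distinct} distinct sources")
```

The median is used as the baseline rather than the mean so that the spike itself does not drag the baseline up; in production the profile would be built from a longer history than five hours, and the distinct-source count is the more telling signal, since a burst from many new addresses against one endpoint is the fingerprint of mass scanning for a freshly disclosed vulnerability.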

“Very often, hackers will scan systems to find those that are vulnerable so they can attack at a later stage,” says Potgieter. “This happens very soon after the exploit code is released. So, perhaps the biggest safety net for any business right now is to stay alert and watch for shifts in attack volume and in exploit announcements.

"Then, invest in a cybersecurity partner that is dedicated to assessing vulnerabilities and offers a vulnerability management service. This means that you have a team researching the zero-day researchers, announcements and trends so you are ahead of the risk."

The future may not be clear, and detection of zero-day exploits may never be foolproof, but investing in the right tools and support gives the business far more control over the landscape and significantly reduces the risk.