Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More
During the past two weeks, several zero-day vulnerabilities have turned up in commonly used software. The most publicized of these was the zero-day affecting all versions of Microsoft Internet Explorer. Microsoft considered the vulnerability critical enough that it decided to release a patch for Windows XP, even though it ended support for that operating system at the beginning of April.
Typically, criminals discover zero-day vulnerabilities before they are known by vendors like Microsoft. This makes them especially dangerous for several reasons. Since there is no vendor patch available for the flaw, criminals are free to exploit it at will. Also, since security vendors don't know about the bug, security products and services don't know what to look for or block. This means criminals can develop an exploit with a high success rate and low detection rate.
Finding a zero-day and then developing an exploit for it requires a great deal of knowledge and skill. This is why many zero-days are found in conjunction with sophisticated, targeted attacks. For example, the Internet Explorer zero-day was a part a larger malware distribution campaign.
Part of the reason we are seeing more zero-day vulnerabilities discovered these days is because of the growth of third-party security vendors. To keep up with ever-evolving arms race between attackers and potential victims, more organizations are asking for help, whether that's monitoring security logs, making sure their security technologies and policies are updated based on the latest threats or providing incident response after a breach has occurred. Having more expert eyes in the field is definitely one reason more zero-days are being detected.
Another silver lining in this zero-day outbreak is that it should encourage organizations to revisit their overall security practices. Businesses should consider how a multi-layer security strategy that includes up-to-date anti-malware technologies and network monitoring can help lower the threat risk. It's also critical to deploy a security awareness education program so that users can spot signs of phishing emails and potentially malicious websites. Finally, organizations should be prepared and have in place an incident response plan that has been recently updated and tested. If you cannot prevent exploitation, it's very important to be able to respond and recover from it in a timely manner.
Karl Sigler is threat intelligence manager at Trustwave.
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.