Zero-Day Exploits - The Toughest Battle of All

Joe CISO on August 02, 2018

The war against malware and hackers has raged for decades. For every defensive solution, new attack vectors are devised, built and deployed by cybercriminals, the 'Bad Guys.'

The 'Good Guys' are in continual catch-up mode. No matter how hard they try, there is a lag between the first attack and a security fix.

And then there’s the toughest battle of all: zero-day exploits.

Zero-Day Exploits and Zero-Day Vulnerabilities

Just to be sure we're all on the same page, here's a simple definition of the terms under discussion:

A zero-day vulnerability is a security flaw in a system or device that has just been discovered and has not yet been patched or otherwise mitigated. An exploit that leverages a zero-day vulnerability is called a zero-day exploit.

From Day Zero on, both the software vendor and the cybercriminals must work quickly. For vendors, it is essential to provide their users with a patch as soon as possible, in order to safeguard their systems and data. For the 'Bad Guys', this is a golden opportunity: an unlocked door through which they can access and exploit IT systems to their own ends.

And it gets worse - even with the fix available, it can still take days, weeks, months, even years, to implement a security patch!

The delays often have valid reasons: business constraints, technology incompatibilities, testing, and so on. Sadly, sometimes patches are simply overlooked.

Whatever the excuse, in the meantime, you're vulnerable!

Standard defenses are powerless against zero-day exploits.

Conventional security systems detect threats based on malware signatures and URL reputation. A zero-day exploit, however, arrives through a vector that nobody has seen yet, so there is no signature or reputation entry to match against. Thus, traditional tools cannot provide an adequate defense.

High-Profile Zero-Day Attacks

Until patches are applied, zero-day exploits can be launched and executed. Often these attacks stealthily steal information without the victim's knowledge. For instance, the Yahoo breach(es) started with a spear-phishing email – all it took was one employee to take the bait and click for attackers to gain access to 3 billion accounts.

One of the most famous (or infamous) examples was the Stuxnet worm, which stealthily exploited four separate vulnerabilities. Not only did it have a devastating impact on Iran's nuclear enrichment facility at Natanz, it then escaped, spreading to many networks worldwide.

And, let's not forget the more recent high-profile attacks on the Democratic National Committee (DNC), which exploited a combination of at least six Zero-Day vulnerabilities (Microsoft Windows 10, Adobe Flash, and Java) to steal data. These highly 'successful' attacks used social engineering tactics to entice users to click on malicious links in spear-phishing emails.

The Common 'Link'

Common to most Zero-Day exploits (and other attacks) is the use of a web browser as the primary attack vector. Often, it's as simple as one mistaken click on a single link. For instance:

  • The Yahoo attack (referenced above) started with a spear-phishing email. It took just one person clicking on a link for the infection to happen, and it only became apparent two years later.
  • The Equifax attack was due to a Cross-Site Scripting (XSS) vulnerability, a favorite tool of many cybercriminals that can leave even 'safe' websites susceptible to malicious exploitation.
  • The DocuSign attack employed a web link to a downloadable Word document that infected the network.

Clearly, the Internet and web applications are still the most effective pathway for distributing malware. Furthermore, web browsers and browser extensions are themselves subject to Zero-Day vulnerabilities.

All this creates a massive headache for any security professional; in fact, for EVERY one of us who browses the internet.

...Just who, or which website, can we trust?

Safe Browsing

The Internet has become an indispensable tool for all of us. In order to make it a safe environment, we need to think outside (or actually inside) the box.

An ideal solution would separate physical browsing from the network and the user, while still ensuring:

  • a full and seamless browsing experience
  • full physical isolation of the browsing environment from the user/organizational network
  • complete sanitization of all downloadable files within the isolated environment, before they can be brought inside the network
  • eradication of all residual files or commands when the browsing session is completed
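Two of the points above, that signature-based tools cannot recognise a file nobody has seen before and that downloads must be sanitized inside the isolated environment before they reach the network, can be shown together in a small download gate. The following is example code added for this page, not Ericom Shield's implementation or any code from the original post: the known-bad hash list and the macro-carrying .docx package are constructed inside the script, and the sanitization is a deliberately simple removal of the VBA parts of an Office package, rather than the full content reconstruction a commercial product would perform.

```python
"""Download gate for an isolated browsing session (hypothetical example).

Two checks run on a file before it may leave the isolated environment:
  1. a signature lookup (SHA-256 against a known-bad list), the kind of check
     a conventional scanner performs and which a never-seen file passes;
  2. structural sanitization of a .docx package, which removes VBA macro
     parts whether or not the file is known.
"""
import hashlib
import io
import re
import zipfile

# Constructed signature list for the demo; it contains no real sample hashes.
KNOWN_BAD_SHA256 = {
    "0000000000000000000000000000000000000000000000000000000000000001",
}

# Package parts that carry VBA code in a Word document.
MACRO_PART_NAMES = {"word/vbaProject.bin", "word/vbaData.xml"}
MACRO_MAIN_CT = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN_CT = (b"application/vnd.openxmlformats-officedocument."
                 b"wordprocessingml.document.main+xml")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signature_match(data: bytes) -> bool:
    """Conventional check: is this exact file on the known-bad list?"""
    return sha256_hex(data) in KNOWN_BAD_SHA256


def is_macro_part(name: str) -> bool:
    return name in MACRO_PART_NAMES or name.lower().endswith("vbaproject.bin")


def find_macro_parts(data: bytes) -> list:
    """List the VBA-carrying parts inside an OOXML package."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if is_macro_part(n)]


def package_part(data: bytes, name: str) -> bytes:
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


def sanitize_docx(data: bytes):
    """Rebuild the package without macro parts and without references to them."""
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            body = src.read(name)
            if is_macro_part(name):
                removed.append(name)
                continue
            if name == "word/_rels/document.xml.rels":
                # Drop the relationship that points the document at its macros.
                body = re.sub(rb'<Relationship\b[^>]*vbaProject\.bin[^>]*/>', b"", body)
            elif name == "[Content_Types].xml":
                # Drop the VBA content-type entries and demote the main part
                # from macro-enabled to a plain document.
                body = re.sub(rb'<(?:Override|Default)\b[^>]*vbaProject[^>]*/>', b"", body)
                body = body.replace(MACRO_MAIN_CT, PLAIN_MAIN_CT)
            dst.writestr(name, body)
    return out.getvalue(), removed


def gate_download(data: bytes):
    """Return (verdict, bytes allowed through, parts removed) for one download."""
    if signature_match(data):
        return "blocked", b"", []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "unsupported", b"", []      # not an OOXML package; out of scope here
    clean, removed = sanitize_docx(data)
    return ("sanitized" if removed else "clean"), clean, removed


def build_macro_docx() -> bytes:
    """Constructed minimal macro-enabled package; the VBA part is placeholder bytes."""
    parts = {
        "[Content_Types].xml": (
            b'<?xml version="1.0" encoding="UTF-8"?>'
            b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            b'<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            b'<Default Extension="xml" ContentType="application/xml"/>'
            b'<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            b'<Override PartName="/word/document.xml" ContentType="' + MACRO_MAIN_CT + b'"/>'
            b'</Types>'),
        "_rels/.rels": (
            b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            b'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
            b'</Relationships>'),
        "word/document.xml": (
            b'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
            b'<w:body><w:p><w:r><w:t>Invoice attached</w:t></w:r></w:p></w:body></w:document>'),
        "word/_rels/document.xml.rels": (
            b'<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            b'<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            b'</Relationships>'),
        "word/vbaProject.bin": b"PLACEHOLDER-VBA-BYTES",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_macro_docx()
    print("signature hit:", signature_match(sample))       # False: never seen before
    verdict, clean, removed = gate_download(sample)
    print(verdict, removed, find_macro_parts(clean))       # sanitized ['word/vbaProject.bin'] []
```

The order of the two checks is the point: the constructed document is not on the hash list, so the signature stage passes it, and it is only the structural stage, which needs no prior knowledge of the file, that strips the macro before the document is handed to the user's network.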

...that would be the solution to satisfy all our needs, wouldn't it?

And it EXISTS.

Remote Browser Isolation

Organizations worldwide are already benefiting from a secure browsing solution that we call Ericom Shield. Ericom Shield uses remote browser isolation to protect organizations against web-borne threats, isolating all active website content in a secure remote environment where it can’t harm your network and user devices.

Since most Zero-Day exploits leverage web browsers to do their malicious work, securing the browsing environment eliminates a key ‘link’ in the attack chain and helps seal a critical gap in your defenses against previously unknown threats.

To learn more about how you can proactively secure your organization from the evolving threat landscape, download our on-demand webinar featuring EMA Research Director, Steve Brasen, and Ericom Director of Product Marketing, Daniel Miller.

Sign up here to download or listen online


Joe CISO

Joe CISO is the information security professional responsible for protecting the organization from all cyber threats, including ransomware, drive-by downloads and zero-day exploits. | Ericom Software
