ABOUT
In recognition of Cyber Security Awareness Month, RedLegg’s 96 Bravo team will be providing security focused content for the Information Security community, in hopes of proactively fostering a security conscious mindset. In this week’s diary, we’ll highlight the importance of understanding Zero-Day Vulnerabilities.
ZERO-DAY VULNERABILITIES
Understanding Zero-Day Vulnerabilities
Vulnerabilities are defects in hardware and software components, often referred to as “bugs”. Threat actors frequently leverage them as attack vectors to compromise systems. To counter this class of threats, security researchers monitor and investigate vulnerabilities and produce reports, mitigations, and fixes for these flaws.
In a perfect world, vulnerabilities are reported promptly and ethically, giving vendors a reasonable timeframe to develop and release a patch. In reality, vulnerabilities are practically inherent in any non-trivial system. Moreover, there is a distinct class of vulnerabilities that is unknown to the general public: zero-day vulnerabilities. These vulnerabilities become public before the vendor's security engineers have a patch ready, giving developers zero days to respond to the flaw and allowing attackers to exploit it at will until a fix is released.
Zero-Day Attacks
Stuxnet Worm: The Stuxnet zero-day attack is regarded as one of the most notable malware attacks carried out to date. The Stuxnet malware successfully exploited four separate zero-day vulnerabilities, coupled with multiple network infection routines and a sophisticated Windows rootkit.
Log4J: A more recent zero-day vulnerability, known as “Log4Shell”, impacted Apache’s Log4J software library. Log4Shell is a critical remote code execution (RCE) vulnerability, and Log4J is a component commonly used in many applications, organizations, and technical products. The broad use of this software component made the attack considerably more widespread.
Defense
Defending Against Zero-Day Vulnerabilities:
Security Monitoring – this is centered around the collection and analysis of potential security threats using automated processes and tools such as a SIEM.
- Proactively defending against zero-day vulnerabilities begins with collecting pertinent application logs and telemetry data and ingesting them into a SIEM.
- Effective log analysis stays agile by combining structured, searchable log management with disciplined triage.
Vulnerability Management & Threat Intelligence – the primary objective is to enhance the visibility of the threat landscape by managing asset inventory and monitoring for trending attack patterns.
- Enhanced visibility entails ongoing reporting on, and clear management of, which systems and programs are running and permitted across the network.
- A robust approach will also include threat intelligence to aid in quickly responding to vulnerabilities and prioritizing incoming risks.
Open-Sourced Resources
This Cybersecurity Awareness Month, consider ways you can #seeyourselfincyber! Listed below are open-sourced resources for the latest updates on vulnerabilities:
- The National Vulnerability Database (NVD) is a comprehensive, publicly available database of reported known vulnerabilities.
- The Cybersecurity & Infrastructure Security Agency (CISA) publishes vulnerabilities that are actively being exploited in real-time.
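The vulnerability management and threat intelligence points above, together with the NVD and CISA resources just listed, come together in one routine task: joining your asset inventory against a feed of actively exploited vulnerabilities and ranking what to patch first. The script below is an added example written for this diary, not RedLegg's code or a CISA tool. Its inventory layout and its scoring weights are assumptions, the catalog records use field names modelled on CISA's Known Exploited Vulnerabilities JSON feed but are constructed with placeholder CVE IDs, and the CVSS scores stand in for what NVD would supply.

```python
"""Added example: rank patching work by joining an asset inventory to a
KEV-style catalog of actively exploited vulnerabilities and NVD-style
CVSS scores.  Every record below is constructed for illustration."""
from datetime import date

# Constructed asset inventory (hypothetical layout): what is running,
# and whether it is reachable from the internet.
ASSETS = [
    {"host": "web-01", "vendor": "ExampleVendor", "product": "WebGateway",
     "version": "2.3.1", "internet_facing": True},
    {"host": "db-01", "vendor": "ExampleVendor", "product": "DataStore",
     "version": "9.0", "internet_facing": False},
    {"host": "build-01", "vendor": "OtherVendor", "product": "BuildTool",
     "version": "1.4", "internet_facing": False},
]

# Constructed catalog entries using field names modelled on CISA's
# Known Exploited Vulnerabilities JSON feed.  The CVE IDs are
# placeholders, not real identifiers.
KEV_CATALOG = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
         "product": "WebGateway", "dateAdded": "2023-10-02",
         "dueDate": "2023-10-23", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-00002", "vendorProject": "ExampleVendor",
         "product": "DataStore", "dateAdded": "2023-09-20",
         "dueDate": "2023-10-11", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-00003", "vendorProject": "Unrelated",
         "product": "Thing", "dateAdded": "2023-10-01",
         "dueDate": "2023-10-22", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Constructed NVD-style CVSS base scores for the placeholder CVEs.
CVSS_SCORES = {"CVE-0000-00001": 9.8, "CVE-0000-00002": 7.5, "CVE-0000-00003": 5.3}


def affected_assets(assets, kev_catalog):
    """Join catalog entries to inventory rows on vendor and product.

    The KEV catalog does not carry affected-version ranges, so a match
    means "verify this host against the vendor advisory", not
    "confirmed vulnerable".
    """
    matches = []
    for entry in kev_catalog["vulnerabilities"]:
        for asset in assets:
            if (asset["vendor"].lower() == entry["vendorProject"].lower()
                    and asset["product"].lower() == entry["product"].lower()):
                matches.append((asset, entry))
    return matches


def risk_score(asset, entry, cvss_scores, today):
    """Arbitrary weighting (an assumption, not a standard): start from the
    CVSS base score, then add for internet exposure, known ransomware use
    and a missed remediation due date.  Unknown CVSS falls back to 5.0."""
    score = cvss_scores.get(entry["cveID"], 5.0)
    if asset["internet_facing"]:
        score += 2.0
    if entry.get("knownRansomwareCampaignUse") == "Known":
        score += 1.5
    if date.fromisoformat(entry["dueDate"]) < today:
        score += 1.0
    return round(score, 1)


def prioritize(assets, kev_catalog, cvss_scores, today):
    """Return findings sorted highest risk first; ties broken by host name.
    `today` may be a date or an ISO-8601 string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for asset, entry in affected_assets(assets, kev_catalog):
        findings.append({
            "host": asset["host"],
            "cve": entry["cveID"],
            "score": risk_score(asset, entry, cvss_scores, today),
            "overdue": date.fromisoformat(entry["dueDate"]) < today,
        })
    findings.sort(key=lambda f: (-f["score"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(ASSETS, KEV_CATALOG, CVSS_SCORES, "2023-10-15"):
        flag = " (past CISA due date)" if f["overdue"] else ""
        print(f'{f["score"]:5.1f}  {f["host"]:<9} {f["cve"]}{flag}')
```

Run as-is, the internet-facing gateway with a ransomware-linked entry ranks first and the overdue database host second, while the build server produces no finding because nothing in the catalog names its product. The version field is deliberately left out of the join: the exploited-vulnerabilities feed identifies vendor and product only, so the output is a triage queue for checking against each vendor's advisory, not a list of confirmed exposures.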