
Managing the growing threat posed by zero-day attacks

Of all the security concerns that keep chief information security officers awake at night, the most difficult to manage are zero-day vulnerabilities, Rafi Katanasho of Dynatrace writes.

Mon, 17 Oct 2022

These vulnerabilities are dubbed “zero day” because, by the time they are discovered in software, security teams have had “zero days” to work on an update or a patch to remediate the issue. This means an organisation’s IT infrastructure is already at risk.

The term zero day is often linked to three different concepts: vulnerability, exploit, and attack. A zero-day vulnerability is a previously unknown software weakness that has been discovered by attackers before organisations can be made aware of it.

A zero-day exploit, meanwhile, is a technique attackers can use to take advantage of an organisation’s vulnerability and gain access to its IT infrastructure.


A zero-day attack therefore occurs when an attacker exploits these vulnerabilities and causes significant damage before an update or patch can be developed and deployed.

Detecting zero-day attacks

Zero-day attacks can be carried out in many different ways and can be very difficult for IT security teams to spot. One method of detection is to observe software behaviour and identify whether any activity deviates from normal and may be malicious.

Machine learning tools can also be trained on data from previously known exploits to establish a baseline of normal activity against which possible future exploits can be identified. Application logs are a good data source for this method.

Another detection technique is statistics-based monitoring. This involves an organisation taking statistics from exploits that vendors have detected and feeding them into a system that learns to recognise and identify these attacks.
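The baseline approach described above, reduced to a runnable illustration that is not from the article or from Dynatrace: a short known-good window of constructed application log lines is used to build a frequency baseline, and a later window is scored against it. The log format, the field names and the `rare_below` threshold are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed application log lines (not from the article): a known-good window
# used to build the baseline, then a window being monitored against it.
# Assumed format: timestamp source "METHOD path" status
BASELINE_LOGS = [
    '2022-10-10T09:00:01Z 10.0.0.5 "GET /login" 200',
    '2022-10-10T09:00:04Z 10.0.0.5 "POST /login" 200',
    '2022-10-10T09:00:09Z 10.0.0.5 "GET /api/orders" 200',
    '2022-10-10T09:01:00Z 10.0.0.7 "GET /login" 200',
    '2022-10-10T09:01:03Z 10.0.0.7 "POST /login" 401',
    '2022-10-10T09:01:08Z 10.0.0.7 "POST /login" 200',
    '2022-10-10T09:01:12Z 10.0.0.7 "GET /api/orders" 200',
    '2022-10-10T09:02:00Z 10.0.0.9 "GET /static/app.js" 200',
]
MONITORED_LOGS = [
    '2022-10-11T03:10:00Z 10.0.0.5 "GET /api/orders" 200',
    '2022-10-11T03:10:01Z 10.0.0.42 "GET /admin/export" 500',
    '2022-10-11T03:10:02Z 10.0.0.42 "POST /login" 401',
    'corrupted line that does not match the expected format',
]
LOG_RE = re.compile(r'^\S+ (?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$')

def parse(line):
    """Fields of one log line, or None if the line is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def build_baseline(lines):
    """How often each (method, path, status) triple occurred in the known-good window."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        counts[(rec["method"], rec["path"], rec["status"])] += 1
    return counts

def score_window(lines, baseline, rare_below=0.15):
    """(reason, line) for each monitored line that deviates from the baseline: 'novel' =
    triple never seen, 'rare' = seen in under rare_below of baseline events, and
    'unparseable' = surfaced rather than dropped, so log-format breakage cannot hide activity."""
    total = sum(baseline.values()) or 1
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            alerts.append(("unparseable", line))
            continue
        share = baseline[(rec["method"], rec["path"], rec["status"])] / total
        if share == 0:
            alerts.append(("novel", line))
        elif share < rare_below:
            alerts.append(("rare", line))
    return alerts
```

Running `score_window(MONITORED_LOGS, build_baseline(BASELINE_LOGS))` flags the never-seen `/admin/export` request as novel, the failed login as rare, and the corrupted line as unparseable, while the routine `/api/orders` request produces no alert.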

Increasing numbers

Around the world, security teams are reporting an increase in attempted attacks on zero-day vulnerabilities. One recent example was the widely reported Log4Shell vulnerability where, within a week of it being reported, Microsoft reported more than 1.8 million attempted attacks.

It transpired that Log4Shell was a widespread software vulnerability in Apache Log4j 2, a popular Java library for logging error messages in applications. The vulnerability enabled a remote attacker to take control of a device if that device was running certain versions of Log4j 2.

Another example was Spring4Shell, a critical vulnerability that emerged in March this year and affects the Spring Java framework, an open-source platform for Java-based application development. Spring4Shell is a very severe vulnerability because, if an attacker exploited it, affected applications could be exposed to remote code execution (RCE).

Improving vulnerability management

To improve protection against future zero-day attacks, it’s important for organisations to implement a well-designed vulnerability management strategy. The strategy should focus on the important activities of identifying, prioritising, correcting, and reporting all vulnerabilities that occur.

As part of the process, an organisation should implement practices that cover the breadth of possible vulnerabilities and apply them to all IT systems. Such broad and thorough security practices reduce the risk of a malicious actor compromising the organisation’s IT services.

The strategy should also incorporate the automation of vulnerability scanning to ensure security gaps are spotted as quickly as possible. Relying only on humans can significantly increase the level of risk.

When forming a vulnerability management strategy, it is important for security teams to consider several key factors when implementing processes and choosing tools. These factors include:

  • Achieving timely detection: it is most important that an organisation establish the ability to detect vulnerabilities quickly. The longer a security vulnerability goes undetected, the higher the risk that an attacker can exploit it.
  • Deploying up-to-date scanning tools: security teams should also focus on keeping their vulnerability scanning tools up to date with known risks and ensuring the tools are aware of newly discovered threats.
  • Not burdening overall performance: vulnerability management tools should ideally not adversely affect the overall performance of applications and services, but rather work in the background to provide constant and comprehensive protection.

The threat posed by zero-day attacks is likely to continue to rise, so it is important for all organisations to take the steps needed to ensure their protective measures are as robust as possible. Early detection and response are the best way to ensure that any disruption and damage is kept to a minimum.

Rafi Katanasho is the APAC chief technology officer and solutions sales vice president at Dynatrace.
