The news has been full of stories about cyber security data breaches leading to massive dumps of zero-day exploits, inciting fear and confusion in the public without fully explaining the situation. A recent example is the Wikileaks Vault 7 dump of CIA hacking tools. Before that, it was The Shadow Brokers and Equation Group who leaked the NSA's Tailored Access Operations tools. What is ironic is that it wasn't a zero-day that was used to acquire these tools. It was a contractor who was responsible. Ultimately he was the pawn of higher-level threat actors. How he was compromised is a subject of speculation.
What is a Zero-day exploit?
A zero-day exploit is a vulnerability that has been discovered in an application but is unknown to the vendor who created it. This means the vendor has known about it for zero days and thus has had zero days to patch this vulnerability. These undisclosed vulnerabilities are useful to criminals, militaries, and governments. However, the usefulness and lifespan of these tools are limited. The RAND Corporation recently released a report on zero-day exploits which acknowledges that, although their actual impact is unknown, the cost of research and development and their ephemeral nature mean that zero-days account for very few hacks, though some very high-profile ones (see Stuxnet).
How can we protect against Zero-day?
PATCH YOUR SOFTWARE! Many zero-day exploits get patched over the course of an application's lifecycle. Avoid using software that has reached EOL (end-of-life), as it retains what are called "immortal" exploits: the maintainer will never patch them. The recently discovered Apache Struts vulnerability which allows for remote code execution was patched, but many institutions are still vulnerable. All of the iOS exploits disclosed in the Vault 7 dump have been patched by Apple (most were already patched). So it is important to update your software to the latest stable version whenever possible.

Actual zero-day exploits (which are considered to be "alive" since they have yet to be discovered) cannot technically be protected against, as no one other than the attacker is aware of the vulnerability. Limiting your attack surface is the first step in preventing the use of zero-day exploits against you or your organization. This means limiting publicly accessible infrastructure and staying aware of Common Vulnerabilities and Exposures. Securable has a tool in its Digital Footprint module that checks your organization for Common Vulnerabilities and Exposures. Digital Footprint addresses vulnerabilities such as Heartbleed, Struts, and Shellshock.

Realize that your largest attack surface is your people. Social engineering, re-used passwords, phishing, and malvertising are far more common methods of compromising a target. Securable helps educate users about the best practices for avoiding this type of exploitation. Preventing an attacker from gaining access to your organization through its people limits your attack surface and your susceptibility to zero-day exploits.
Stay up to date and remain vigilant. Intelligence about common attack vectors and data loss prevention is your number one defense against data breaches, ransomware, and zero-day exploits compromising your information.
Check out our Digital Footprint tool for yourself.