The Shrinking Zero-Day Window

Cyber criminals are not lazy. Nor are they cheap with their Research & Development (R&D) money. They are running a business: a very serious business, which experts say will generate over ten trillion dollars per year of revenue by 2025. According to Cybersecurity Ventures, cybercrime is expected to grow at a rate of 15% per year for the next 5 years.

When mounting attacks, cybercriminals have a wide variety of tricks and schemes in their toolbox to choose from, but the alarming speed with which they are now able to exploit known vulnerabilities is astounding. Cybersecurity software provider Rapid7 recently updated their 2021 Vulnerability Intelligence Report. Their analysis shows that in the space of one year, the average time between the discovery of a vulnerability and a Zero-Day attack has collapsed from 42 days to just 12 days.

What is a zero-day?

When a developer or vendor discovers a flaw in their software that results in an exploitable vulnerability, it means they have ‘zero days’ to get it fixed. However, these vulnerabilities are rarely fixed in a day. A zero-day attack simply means that cyber criminals exploit the vulnerability before the developers get it fixed. Hackers usually discover these vulnerabilities before the developers do – after all, it’s their job. In the hacker’s world, Vulnerability = Money.

Regardless of the type of IT support you use, from the low-level Break/Fix ‘IT guys’ to the best Managed Services Providers (MSPs), it is rare for any of them to find these deeply buried vulnerabilities, because they wouldn’t even know where to begin looking. These IT services provide maintenance and repair – they don’t spend their time scouring through thousands or even millions of lines of code for these flaws.

Zero day vulnerabilities don’t send out alarms, and until something goes wrong, like an attack, finding them is like looking for a needle in a haystack – specifically because they have no indication that there is a needle at all.

A forensic analysis performed after a devastating attack often reveals the flaw. This is the main impetus for cyber criminals to step up their game. Essentially, this is like finding an ‘unlocked door.’ Hackers need to take advantage of it before someone sees it and locks it. The fact that in one year the hackers became three and a half times faster at mounting and performing successful attacks does not bode well for the future. As previously noted, these crooks are not lazy.

Three events occur to turn a Zero-Day into an attack:
1) A zero-day vulnerability is the software flaw itself, often discovered by hackers before the developers are aware of it. Occasionally it is the result of a network flaw due to inferior IT services.
2) A zero-day exploit is the method hackers develop that will enable a successful attack.
3) A zero-day attack is simply using the exploit to breach a network for criminal ends.

What are some of the most recent zero-day attacks?

Smaller attacks happen frequently, but the most widely-reported breaches are:
Marriott International in September 2018
Facebook in April 2019
Alibaba in November 2019
LinkedIn in June 2021

The personal information of over 2.2 billion customers or users was stolen in these four attacks alone.

It is a false assumption that huge companies are the only businesses being targeted, because the inverse is true. The overall #1 target of cybercrime are Small and Mid-size Businesses (SMBs). SMBs are hackers’ ‘bread and butter.’

Think back to ‘Goldilocks and the Three Bears.’ If Goldilocks were a cybercriminal, she would look for the victims that are best suited to her: Government and Multinational conglomerates are ‘Too Big.’ Grifter snatch-and-grabs against consumers are ‘Too Small.’ BUT, for the vast middle class of cyber crooks, where the greatest number of hackers are, SMBs are ‘Just Right.’

Just like the Charlotte IT Support community has its own ‘pecking order,’ the ‘community’ of cybercrime has its own system of echelons or classes. The lowest on the totem pole are small time hoods breaking into consumer cell phones or home PCs to grab a couple hundred bucks.

High-level hackers attack governments and mammoth corporations. They are the hackers who make the news feed – and they are not looking for you or your business.

It's the mid-level crooks you need to worry about – and they are the most plentiful in number. This is a business, and day after day, they stay focused – on SMBs. In the past, the conventional wisdom among experts was that because of the 42-day lag-time between the discovery of a vulnerability, the development of the right exploit and then the attack itself, these attacks were more or less relegated to high-stakes criminals. When the ability to initiate zero-day attacks went from a month and a half to a week and a half, the mid-level thieves started jumping in with both feet.

What is the best protection against zero-day attacks?

There is never any guarantee of 100% protection. Because they are based on vulnerabilities discovered before the developer or IT crew have detected and fixed them, it is difficult to protect against them. The steps taken by either your in-house IT department or outsourced Managed Services Provider like ITFirm.com should be geared towards eliminating the lion’s share of attacks and mitigating the damage should any attacks be successful.

How to mount an effective zero-day defense.
Adopt and implement these tools:

1) Windows Defender Exploit Guard
2) Effective Patch Management
3) Next-Generation Antivirus (NGAV)
4) Incident Response Plan (Part of a Backup & Disaster Recovery Plan)
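The four items above are names of controls rather than a procedure, so as an added illustration (not from the original article and not ITFirm.com’s own tooling) here is a PowerShell audit script a defender could run on a single Windows 10/11 or Server host to check whether the first three are actually in force: Windows Defender Exploit Guard (system-wide exploit protection mitigations, controlled folder access, network protection and attack surface reduction rules), patch currency (age of the most recently installed update) and next-generation antivirus (Defender real-time protection and signature age). The incident response plan is a document and is not checked here. The script uses the built-in ProcessMitigations and Defender modules; the thresholds (3 days for signatures, 30 days for patches) are assumptions chosen for the example, and the property names are assumed to match what those cmdlets return on current Windows builds.

```powershell
# Added example: audit the zero-day defenses listed above on one Windows host.
# Run in an elevated PowerShell session on Windows 10/11 or Server 2016+.
# Thresholds are assumptions for this example, not vendor guidance.
$MaxSignatureAgeDays = 3
$MaxPatchAgeDays     = 30

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Control, [bool]$Ok, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Control = $Control
        Status  = $(if ($Ok) { 'PASS' } else { 'WARN' })
        Detail  = $Detail
    })
}

# 1) Windows Defender Exploit Guard: system-wide exploit protection mitigations.
#    Get-ProcessMitigation -System reports each mitigation as ON, OFF or NOTSET.
$sys = Get-ProcessMitigation -System
foreach ($m in @(
    @{ Name = 'DEP';               Value = "$($sys.Dep.Enable)" },
    @{ Name = 'CFG';               Value = "$($sys.Cfg.Enable)" },
    @{ Name = 'SEHOP';             Value = "$($sys.Sehop.Enable)" },
    @{ Name = 'ASLR bottom-up';    Value = "$($sys.Aslr.BottomUp)" },
    @{ Name = 'ASLR high entropy'; Value = "$($sys.Aslr.HighEntropy)" }
)) {
    Add-Finding "Exploit protection: $($m.Name)" ($m.Value -eq 'ON') "system default = $($m.Value)"
}

#    The remaining Exploit Guard components live in Defender preferences
#    (0 = disabled, 1 = block, 2 = audit).
$pref = Get-MpPreference
Add-Finding 'Controlled folder access' ($pref.EnableControlledFolderAccess -eq 1) "mode = $($pref.EnableControlledFolderAccess)"
Add-Finding 'Network protection'       ($pref.EnableNetworkProtection -eq 1)    "mode = $($pref.EnableNetworkProtection)"
$asrBlocked = @($pref.AttackSurfaceReductionRules_Actions | Where-Object { $_ -eq 1 }).Count
Add-Finding 'Attack surface reduction rules' ($asrBlocked -gt 0) "$asrBlocked rule(s) in block mode"

# 2) Patch management: crude currency check on the most recent installed update.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) {
    $age = (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
    Add-Finding 'Patch currency' ($age -le $MaxPatchAgeDays) "$($latest.HotFixID) installed $age day(s) ago"
} else {
    Add-Finding 'Patch currency' $false 'no installed updates reported by Get-HotFix'
}

# 3) Next-generation antivirus: Defender engine state and signature freshness.
$status = Get-MpComputerStatus
Add-Finding 'Real-time protection' $status.RealTimeProtectionEnabled "enabled = $($status.RealTimeProtectionEnabled)"
Add-Finding 'Signature age' ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
    "$($status.AntivirusSignatureAge) day(s) old; last updated $($status.AntivirusSignatureLastUpdated)"

$findings | Format-Table -AutoSize
# Non-zero exit so a scheduled task or monitoring job can alert on any WARN row.
if ($findings | Where-Object Status -eq 'WARN') { exit 1 }
```

A WARN row is a prompt to investigate, not proof of a problem: a host may legitimately run network protection in audit mode, and Get-HotFix only sees updates that register as hotfixes, so pair the patch check with your patch management console’s own reporting.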

Frequently Asked Questions

What type of threat is a zero-day?

A: Yes. They are quite common – especially since March of 2020. The Ponemon-Sullivan Privacy Report stated that the percentage of security breaches that came as the result of zero-day attacks had already reached 80% by May of 2020. After that initial swelling, the percentage has gone down, but only because new, easier methods of attack are being developed every day.

What is the most famous zero-day exploit?

A: Although it is not the biggest breach in terms of the number of personal records stolen, the most notorious was the 2019 attack and breach of the Democratic National Convention (DNC) – if only by the sheer volume of media coverage and the political implications of the breach.

How many types of exploits are there?

A: There are five basic types of attacks and two methods of initiating the attacks:

Types:
Software: The most common – as explained above.
Hardware: Usually due to poor encryption or configuration.
Network: Due to a bad setup by an inferior IT services provider – poor encryption and Cybersecurity.
Personnel: The #1 weakness that leads to an attack – due to poor training and lack of strong policies.
Physical: Easy access to the physical network and servers.

Methods:
Remote Exploits: The most common, where the hacker does everything using an internet connection.
Local Exploits: This requires previous physical access to the vulnerable network.

What is zero-day vs n day?

A: An n-day exploit is an exploited vulnerability where a patch is available, whereas no patch exists (yet) for a zero-day exploit.

How secure is your wireless network?

As a longstanding, reputable member of the Charlotte IT Support community, ITFirm.com offers a FREE, no-risk network and security assessment. We perform a non-intrusive scan that allows us to deliver a comprehensive report of the state of your system and its vulnerabilities that is yours to keep. There are no strings attached, and you are under no obligation to ever use our IT Services.

The two best defenses are next-generation Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider to ensure continued reliability and defenses against newly emerging threats.

We put our 100% Money Back Guarantee in writing, so there is no risk in trying us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

Planning an Office Move?

Contact us today! We have the experience to ensure a seamless transition. After the move, your employees will arrive at the new location to find their IT infrastructure ready and open for business!
For more information on office moves, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at:
704-565-9705