Some major brands have been rocked by zero-day attacks and vulnerability discoveries in recent weeks.
A popular WordPress plug-in is the subject of a zero-day vulnerability that may expose more than 700,000 sites to exploitation. The WordPress File Manager plug-in is generally used to let website users upload image files, but a flaw in the plug-in’s file type checking could let a user upload a file with an embedded web shell. That web shell could then be used to take over the victim’s site.
While an updated version of the plug-in fixes the problem, estimates are that hundreds of thousands of sites are still running the vulnerable version.
While WordPress was grappling with its issues, Cisco warned customers of a zero-day vulnerability:
“Cisco warned its customers last weekend that it has become aware of a zero-day vulnerability that it is working to fix by developing a patch. The flaw involves Cisco’s IOS XR Software, an operating system for carrier-grade routers and networking devices used by telecommunications and data-center providers.”
No longer just for state actors
Zero-day attacks are no longer reserved for the most sophisticated and well-funded cyber criminals. Researchers point to the development and dissemination of more hacking tools that make exploiting zero-day weaknesses faster and cheaper. With so many people now working from home, zero-day attacks are on the rise, presenting some unique challenges for MSPs.
SmarterMSP caught up with Chiheb Chebbi, a cybersecurity expert based in Tunisia who has studied zero-day attacks and has some advice for MSPs.
Chebbi says the first step is to differentiate between normal cyber attacks and zero-day attacks.
TYPICAL ATTACKS: “In normal attacks, black hat hackers usually exploit known vulnerabilities to gain access to systems,” Chebbi tells SmarterMSP.
ZERO-DAY: “Bad hackers exploit what we call ‘zero-day’ vulnerabilities, where the vendor doesn’t know about these vulnerabilities,” he adds.
In other words, according to Chebbi, attackers find vulnerabilities and then write, from scratch, malicious code to exploit them. This type of attack is widely used in APTs (advanced persistent threats), and Chebbi attributes the rise in zero-day attacks to several factors. To begin with, businesses have always had a target on their back for these types of attacks, even before the pandemic; now, he says, hackers are capitalizing on COVID chaos to prey upon people’s vulnerabilities.
Next, the increasing work-from-home dynamic is also a contributor. Chebbi advises that a lack of clear WFH policies, combined with the absence of suitable safeguards on personal devices, is contributing to the rise of zero-day attacks.
Chebbi adds that businesses are especially vulnerable to zero-day attacks, particularly healthcare, government, and any company with highly valuable data (patents, trade secrets, etc.).
Steps for safeguarding against zero-day attacks
Chebbi recommends MSPs and IT professionals implement the following:
- Awareness sessions for employees
- WFH policies
- Frequent data backups
- Endpoint protection mechanisms and tools, such as antivirus software
- Care when downloading apps on PCs and mobile devices
- Strong email gateway security
Chebbi advises that awareness sessions are different from training sessions and should be planned and delivered accordingly. Training, Chebbi notes, is usually performed to impart new skills, while awareness sessions are aimed at instilling new behaviors.
“In other words, how to be protected from social engineering attacks and detect red flags, how to be protected from malicious emails, and what to do when detecting malicious apps, etc.,” Chebbi says. Often hackers succeed not because someone lacks training, but because there is a lack of behavioral awareness.
“Most employees are well trained, they know how to perform their jobs, but sometimes they are not well-aware when it comes to cybersecurity attacks and threats,” Chebbi adds.
Zero-day here to stay
Chebbi says that zero-day attacks aren’t going to go away. “In the future attackers are going to try to automate their attacks, be more focused and efficient using ‘machine learning’ and ‘adversarial learning’. For example, they will automatically profile targets with high accuracy and perform computer-based social engineering attacks automatically. Also, they will be able to build tools to find and exploit zero-day vulnerabilities automatically,” he concludes.
And while there is a growing arsenal of tools for hackers to use to cheaply and efficiently deploy zero-day attacks, MSPs also have powerful next-generation tools at their disposal. For instance, Barracuda Networks goes beyond traditional signature-based detection and instead uses a blend of signature matching, heuristic and behavioral analysis, and static code analysis to pre-filter traffic and identify the vast majority of threats. Any remaining suspicious material is then detonated in a sandbox.
So, the takeaway is that hackers are getting a lot more zero-day tools, but so are IT professionals.