
Zero-Days On The Rise & What You Can Do About It

 


Author: Rich Selvidge, CISSP / Last Updated: 6/06/2022

Reviewed By: Jason Firch, MBA, Josh Allen, & Michael Swanagan, CISSP, CISA, CISM


According to Mandiant Threat Intelligence’s newest research, there were a record number of zero-day vulnerabilities in 2021. In 2021, the company found 80 exploited zero-days, compared to only 30 in 2020.

 

Threat actors favored zero-day vulnerabilities in Google, Microsoft, and Apple products the most, illustrating the businesses’ attractiveness.

 

 

What Happened?

 

The Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services (HHS) released a threat brief in late 2021 describing the dangers and mitigation methods connected with zero-day attacks on the healthcare sector.

 

Mandiant discovered about two hundred zero-day vulnerabilities between 2012 and 2021. Mandiant only saw two zero-days in 2012. Zero-day exploits, on the other hand, have exploded in popularity in recent years across all industries.

 

The rise in cloud hosting, mobile, and internet of things (IoT) technologies, according to Mandiant, has increased the complexity of internet-connected devices.

 

Researchers said that as the variety of software options grew over time, so did the number of vulnerabilities.

Expansion Of The Exploit Broker Marketplace

 

“The expansion of the exploit broker marketplace also likely contributes to this trend,” the paper stated, “with more resources being diverted toward zero-day research and development, both by commercial organizations and researchers, as well as threat groups.”

 

“Finally, improved defenses are likely allowing defenders to identify more zero-day exploitation now than in prior years, and more firms have tightened security practices to limit breaches via other routes,” says the report.

 

Zero-day vulnerabilities in the healthcare records application OpenClinic revealed patient test results in August 2020. After the developers failed to respond to allegations of four zero-day vulnerabilities, users were advised to discontinue using the open-source application.

 

Unauthorized actors were able to get files containing protected health information (PHI) by submitting a request.

 

Pneumatic tube systems used by hospitals to carry bloodwork, test samples, and drugs were disrupted by the zero-day vulnerability known as “PwnedPiper” in August 2021.

 

The attackers were able to take advantage of weaknesses in the control panel software, allowing unauthenticated and unencrypted firmware changes.

Why Target Healthcare Data?

 

Because healthcare data is a high-value target, it may be particularly vulnerable to zero-day attacks.

 

Patching is also the most effective mitigation strategy, although it might be difficult to do on outdated systems and medical IoT equipment.


Who Is Using Zero-Day Vulnerabilities?

 

State-sponsored espionage outfits continue to be the leading threat actors using zero-day vulnerabilities, according to Mandiant.

 

Threat actors that profit from zero-day exploits, on the other hand, are on the rise.

 

Mandiant discovered a large number of suspected Chinese cyber espionage groups using zero-day exploits in 2021.

 

According to the research, China exploited more zero-day vulnerabilities than any other country between 2012 and 2021.

 

“We believe that significant campaigns based on zero-day exploitation are becoming more accessible to a broader range of state-sponsored and financially motivated actors,” according to the report, “including as a result of the proliferation of vendors selling exploits and sophisticated ransomware operations potentially developing custom exploits.”

 

“The significant growth in zero-day vulnerability exploitation, especially in 2021, widens the risk portfolio for businesses in practically every industrial area and region.”

 

“While exploitation peaked in 2021, there are signs that the rate of new zero-day exploitation declined in the second half of the year; still, zero-day exploitation continues at a high rate in comparison to prior years.”

What You Can Do About Zero-Day Vulnerabilities

 

When possible, organizations should look for automated solutions to lower costs, enhance efficiency, and improve the reliability of monitoring security-related information.

 

Security is implemented through a combination of people, processes, and technology.

 

Organizations should create a defense plan and prioritize addressing known vulnerabilities, according to the researchers.

 

Develop a continuous monitoring program to reduce the window of opportunity that bad actors can take advantage of.

 


 


Rich Selvidge, CISSP

Rich is the CISO at PurpleSec, providing singular accountability for all information security controls in the company. He brings over 21 years of IT, healthcare, and security risk management experience.
