Light Dark
January 18, 2016 By Kevin Beaver 2 min read
Advanced Threats
Malware

Given all the known security incidents and data breaches, it seems to me that the average person might be curious as to why all this nonsense is occurring, especially when periodic security testing is taking place. One would think that with all the security control audits, vulnerability scans and penetration testing in the average business, known security risks would be addressed. It’s simply not true, especially as it relates to zero-day exploits — system vulnerabilities for which there is no known fix.

The Trouble With Zero-Day Exploits

The complexity of the threats we face combined with the complexity of the typical network environment all but guarantees there is just no way to uncover all possible vulnerabilities and attack vectors related to advanced malware. Furthermore, the inherent nature of zero-day exploits makes those vulnerabilities unknown to begin with. It’s hard to protect against something that hasn’t yet happened.

Malware-driven zero-day exploits can be so complex that not even the most in-depth technical security testing and systems oversight could uncover them. It’s a great example of the philosophy “you don’t know what you don’t know.”

You can’t hit a target you can’t see. Odds are good that you’re not doing enough today to keep zero-day exploits under control. So what can you do?

The Best Defense

You most certainly need to keep performing your traditional security testing, but you also have to combine it with proven security controls that are layered across the enterprise. This often includes cloud access security broker technologies controlling data going out to the cloud and advanced malware protection at the network perimeter, as well as modern malware protection, adequate software patching and even data loss prevention at the endpoints.

Arguably, your users are the best line of defense to protect against phishing and related social engineering. They can also assist in the fight against email- and browser-based attacks that facilitate zero-day exploits.

If anything, ongoing security testing can serve to create a false sense of security — you think everything is OK when it’s actually not. There is no best way to combat this threat. It’s all of these security controls working in unison across the enterprise with the proper oversight that can truly protect the organization from zero-day exploits.

 |  | 
Kevin Beaver
Independent Information Security Consultant

More from Advanced Threats
May 24, 2024

Phishing kit trends and the top 10 spoofed brands of 2023

4 min read -  The 2024 IBM X-Force Threat Intelligence Index reported that phishing was one of the top initial access vectors observed last year, accounting for 30% of incidents. To carry out their phishing campaigns, attackers often use phishing kits: a collection of tools, resources and scripts that are designed and assembled to ease deployment. Each phishing kit deployment corresponds to a single phishing attack, and a kit could be redeployed many times during a phishing campaign. IBM X-Force has analyzed thousands of…

May 16, 2024

Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns

16 min read - Since March 2024, IBM X-Force has been tracking several large-scale phishing campaigns distributing the Grandoreiro banking trojan, which is likely operated as a Malware-as-a-Service (MaaS). Analysis of the malware revealed major updates within the string decryption and domain generating algorithm (DGA), as well as the ability to use Microsoft Outlook clients on infected hosts to spread further phishing emails. The latest malware variant also specifically targets over 1500 global banks, enabling attackers to perform banking fraud in over 60 countries…

May 2, 2024

A spotlight on Akira ransomware from X-Force Incident Response and Threat Intelligence

7 min read - This article was made possible thanks to contributions from Aaron Gdanski.IBM X-Force Incident Response and Threat Intelligence teams have investigated several Akira ransomware attacks since this threat actor group emerged in March 2023. This blog will share X-Force’s unique perspective on Akira gained while observing the threat actors behind this ransomware, including commands used to deploy the ransomware, active exploitation of CVE-2023-20269 and analysis of the ransomware binary.The Akira ransomware group has gained notoriety in the current cybersecurity landscape, underscored…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature