Given all the known security incidents and data breaches, it seems to me that the average person might be curious as to why all this nonsense is occurring, especially when periodic security testing is taking place. One would think that with all the security control audits, vulnerability scans and penetration testing in the average business, known security risks would be addressed. It’s simply not true, especially as it relates to zero-day exploits — system vulnerabilities for which there is no known fix.

The Trouble With Zero-Day Exploits

The complexity of the threats we face combined with the complexity of the typical network environment all but guarantees there is just no way to uncover all possible vulnerabilities and attack vectors related to advanced malware. Furthermore, the inherent nature of zero-day exploits makes those vulnerabilities unknown to begin with. It’s hard to protect against something that hasn’t yet happened.

Malware-driven zero-day exploits can be so complex that not even the most in-depth technical security testing and systems oversight could uncover them. It’s a great example of the philosophy “you don’t know what you don’t know.”

You can’t hit a target you can’t see. Odds are good that you’re not doing enough today to keep zero-day exploits under control. So what can you do?

The Best Defense

You most certainly need to keep performing your traditional security testing, but you also have to combine it with proven security controls that are layered across the enterprise. This often includes cloud access security broker technologies controlling data going out to the cloud and advanced malware protection at the network perimeter, as well as modern malware protection, adequate software patching and even data loss prevention at the endpoints.

Arguably, your users are the best line of defense to protect against phishing and related social engineering. They can also assist in the fight against email- and browser-based attacks that facilitate zero-day exploits.

If anything, ongoing security testing can serve to create a false sense of security — you think everything is OK when it’s actually not. There is no best way to combat this threat. It’s all of these security controls working in unison across the enterprise with the proper oversight that can truly protect the organization from zero-day exploits.

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

4 min read

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

4 min read

Detections That Can Help You Identify Ransomware

12 min read - One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

12 min read

How to Report Scam Calls and Phishing Attacks

5 min read - With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…

5 min read