Discussing zero-day attacks is interesting for all security experts, from CISOs to journalists, whether the talks occur at conferences or within enterprises. The reason for this is quite obvious: The exploitation of unknown vulnerabilities, which are also referred to as zero-day vulnerabilities, is quite aggressive and could create serious problems for an organization. In fact, the victim is absolutely exposed, unaware of any action that could be taken to mitigate the risk.

The Cost of Security Vulnerabilities

Knowing how to react to such vulnerabilities when they arise is important. Naturally, that means there is a market cost associated with preventing, detecting and responding to zero-day vulnerabilities. Similarly, malware with the capabilities to exploit such weaknesses has a cost, as well, and many malicious attackers are willing to pay if they think the end results will be profitable.

The risks associated with zero-day vulnerabilities are well-established, and there are technologies developed to limit such risks. But a more interesting topic of discussion may center around how organizations decide whether they are a likely target of a zero-day attack. If I’m exposed to risks due to a zero-day vulnerability, for example, I hope no one will know about it, and it’s unlikely they would. That is, unless someone is willing to pay money to exploit the weakness and carry out an attack. But organizations must first decide whether they are important enough — or have data that is important enough — for someone to spend the money to launch an attack. Depending on the answer, they may be better served focusing their resources on other cybersecurity issues.

Zero-Day Vulnerabilities Aren’t the Only Concern

We shouldn’t underestimate the severity of the zero-day exploits, but what about the more well-known vulnerabilities? These could be just as dangerous to an organization, even if a security team is prepared for them. If a vulnerability is well-known, the attacker could simply perform some research to see who is affected and what can be done to exploit the weakness. This is facilitated by the fact that most of the Internet uses the same foundations — operating systems, application servers, protocols, etc. — so it’s relatively easy to carry out these malicious instructions.

If the vulnerability is well-known, very likely providers have made patches available. This could be useful if the patch is installed, but adding fixes to a program is not always immediate. And even in situations when the fix is completed in a timely manner, enterprises may still be at risk. Patches represent a sort of map for the attacker. The patch is a small portion of code that can be used to understand how to exploit the vulnerability, specifically in places where it has not been installed. It’s no surprise that if the attention of the cybersecurity world is on zero-day vulnerabilities, malicious actors can still infiltrate organizations. Many of the publicized attacks involve very well-known vulnerabilities.

Organizations and security professionals will always have to pay attention to zero-day vulnerabilities, but do not forget a proper vulnerability management system integrated within your security intelligence platform. This will reduce your risk of attack dramatically — and reduce the costs.

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

How to Report Scam Calls and Phishing Attacks

With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…