Zero-days Are Becoming More Zero

Zero-day vulnerabilities are vulnerabilities for which no patch is yet available and therefore the hardware or software manufacturer has had “zero days” to create a fix. Once the vulnerabilities are identified, hardware and software vendors rush to publish patches, fixes, or some other work around. But, at the same time, the bad guys are aware of the vulnerability and are working to exploit it to take advantage of the situation.

Every year hackers get faster at exploiting issues - one study found that zero-day vulnerabilities were exploited 87% faster in 2022 as compared to 2020. Tihis leaves less time for the patches to be developed and released by the vendors, and less time for your team to implement the fix. Therefore, we all need to stay prepared and get faster at responding.

The most dangerous zero-day vulnerabilities may be those that impact network edge devices such as firewalls, web servers, email servers, load balancers, etc.) In 2023 there were several critical zero-day vulnerabilities for edge network devices (Citrix Bleed, FortiOS, and others) that significantly impacted businesses. Always prioritize patching Internet facing systems and devices!

It can be overwhelming when the bad guys always seem to be one step ahead, but having the following plans, processes, and teams in place can help improve your odds of success:

• Monitor vendor and trade publications for zero-day exploits that may impact your systems. Subscribe to threat intelligence services and updates from your vendors.
• Understand and document your network so that you know where your vulnerabilities systems exist, and you are prepared to act when needed.
• Reduce your Internet exposure to the minimum required.
• Prepare and practice incident response procedures to implement emergency patching.
• Keep your systems updated and patched so that you aren’t playing catchup when the patch for the zero-day is released.
• Build a defense in-depth cyber security infrastructure so that you limit the risk of the zero-day exploit.
• Run periodic vulnerability scans and audits to identify any issues that you may have missed.

The best thing we can do for Zero-day vulnerabilities is to be like a Boy Scout and “Be Prepared”!

Authored by: David McCabe, MBA, ISC2 CC