Light Dark
January 18, 2016 By Kevin Beaver 2 min read
Advanced Threats
Malware

Given all the known security incidents and data breaches, it seems to me that the average person might be curious as to why all this nonsense is occurring, especially when periodic security testing is taking place. One would think that with all the security control audits, vulnerability scans and penetration testing in the average business, known security risks would be addressed. It’s simply not true, especially as it relates to zero-day exploits — system vulnerabilities for which there is no known fix.

The Trouble With Zero-Day Exploits

The complexity of the threats we face combined with the complexity of the typical network environment all but guarantees there is just no way to uncover all possible vulnerabilities and attack vectors related to advanced malware. Furthermore, the inherent nature of zero-day exploits makes those vulnerabilities unknown to begin with. It’s hard to protect against something that hasn’t yet happened.

Malware-driven zero-day exploits can be so complex that not even the most in-depth technical security testing and systems oversight could uncover them. It’s a great example of the philosophy “you don’t know what you don’t know.”

You can’t hit a target you can’t see. Odds are good that you’re not doing enough today to keep zero-day exploits under control. So what can you do?

The Best Defense

You most certainly need to keep performing your traditional security testing, but you also have to combine it with proven security controls that are layered across the enterprise. This often includes cloud access security broker technologies controlling data going out to the cloud and advanced malware protection at the network perimeter, as well as modern malware protection, adequate software patching and even data loss prevention at the endpoints.

Arguably, your users are the best line of defense to protect against phishing and related social engineering. They can also assist in the fight against email- and browser-based attacks that facilitate zero-day exploits.

If anything, ongoing security testing can serve to create a false sense of security — you think everything is OK when it’s actually not. There is no best way to combat this threat. It’s all of these security controls working in unison across the enterprise with the proper oversight that can truly protect the organization from zero-day exploits.

 |  | 
Kevin Beaver
Independent Information Security Consultant

More from Advanced Threats
November 6, 2023

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

August 2, 2022

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature