Have you ever read stories of a massive data breach and wondered, "how fast are these hackers today?" I have asked that question too. There is a simple answer: zero-day exploit chains.
Zero-day exploit chains are powerful, they are quick, and they are extremely difficult to stop.
I have followed the progression of the cyber security industry for years; every time a zero-day chain is discovered, I make sure to say, "Wow, this is getting out of hand." Now, let's put this in simpler terms.
What is the Issue With Zero-Day Exploit Chains?
A zero-day vulnerability is a defect that is not yet known to the vendor or the public. No patch. No signature. Nothing.
Now take two or three of these vulnerabilities and link them together. That is a zero-day chain: a shortcut that lets an attacker move quietly, step by step, into a system.
Ever wonder why a company is scared when a zero-day is discovered? Because an attacker can leverage these vulnerabilities to move past firewalls, antivirus and even multi-factor authentication (MFA).
So here is the follow-up question: what makes zero-day exploit chains so dangerous?
- A zero-day means there is no patch yet to halt the attack
- Multiple vulnerabilities link together to give attackers a pathway through the target system
- Attackers remain in the target for some time, because conventional tools cannot flag a vulnerability that nobody knows about yet
- Breaches happen fast, sometimes in minutes
It sounds like something out of a movie, doesn't it? Here is how hackers use zero-day chains in real-life attacks. I have seen many cases where the company looks secure, but hackers can still break into its systems by chaining hidden flaws together.
Here is how they do it, in simple terms:
Step 1: Gain Access
The hackers use the first zero-day vulnerability to gain access to the systems. Sometimes just one small weakness is enough.
Step 2: Move Further
The hackers use a second vulnerability to jump to a more sensitive area of the network; one issue leads to the next.
Step 3: Exfiltrate Data
Finally, the hackers use one more vulnerability that lets them grab data without setting off alarms.
Then they leave with anything the company deems valuable (passwords, emails, financial files, etc.).
Generally, by the time the company detects some kind of anomaly, the hackers are long gone.
How to Defend Against these Types of Attacks
You cannot patch a zero-day immediately, but you can still minimize the exposure.
Here are the options that work best:
- Real-time monitoring
- Behavioral-based detection (looking for anomalous activity versus known threats)
- Network segmentation (don't keep all the data of importance in one place)
- Fast response teams
- Regular threat hunting
These steps will not prevent every attack, but they substantially reduce the impact when one happens.
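To make the second bullet concrete, here is a toy detector run over constructed telemetry (example code written for this page, not from the original post). The known-threat check finds nothing, because a zero-day chain touches no indicator anyone has seen before, while the per-user baseline check flags the data-grab step described above. Users, host names, byte counts and the blocklist are all made up.

```python
from statistics import median

# Constructed historical telemetry: (user, destination host, bytes out, hour of day).
BASELINE = [
    ("alice", "fileshare-01", 4_000, 9), ("alice", "fileshare-01", 6_000, 11),
    ("alice", "mail-01", 2_500, 14), ("alice", "fileshare-01", 5_000, 16),
    ("bob", "crm-01", 3_000, 10), ("bob", "crm-01", 3_500, 13),
    ("bob", "mail-01", 1_800, 15),
]
# Constructed events under review. The second line is what the "exfiltrate data" step
# looks like in telemetry: a host alice has never touched, a huge volume, at 03:00.
TODAY = [
    ("alice", "fileshare-01", 5_200, 10),
    ("alice", "hr-db-01", 180_000, 3),
    ("bob", "crm-01", 3_100, 11),
]
# Constructed "known threat" blocklist. A zero-day chain hits none of these by definition.
KNOWN_BAD_HOSTS = {"known-bad-c2.example"}

def signature_detect(events, blocklist=KNOWN_BAD_HOSTS):
    """Known-threat matching: fires only on indicators that were seen before."""
    return [e for e in events if e[1] in blocklist]

def build_profile(events):
    """Per-user baseline: hosts normally contacted, typical volume, usual hours."""
    profile = {}
    for user, host, nbytes, hour in events:
        p = profile.setdefault(user, {"hosts": set(), "bytes": [], "hours": set()})
        p["hosts"].add(host); p["bytes"].append(nbytes); p["hours"].add(hour)
    return profile

def behavioral_detect(events, profile, volume_factor=10):
    """Flag deviations from each user's own baseline rather than matching known bad."""
    alerts = []
    for user, host, nbytes, hour in events:
        p = profile.get(user)
        if p is None:
            alerts.append((user, host, "no baseline for user")); continue
        med = median(p["bytes"]); reasons = []
        if host not in p["hosts"]:
            reasons.append("new destination host")
        if nbytes > volume_factor * med:
            reasons.append(f"volume {nbytes // med:.0f}x above baseline")
        if hour not in p["hours"]:
            reasons.append("outside usual hours")
        if len(reasons) >= 2:   # require two deviations to keep false positives down
            alerts.append((user, host, "; ".join(reasons)))
    return alerts

if __name__ == "__main__":
    print("signature:", signature_detect(TODAY))
    print("behavioral:", behavioral_detect(TODAY, build_profile(BASELINE)))
```

A single deviation (alice's ordinary file-share access at an unusual hour) is deliberately left below the alert threshold, which is the trade-off behavioral detection always makes between noise and coverage.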