This year, researchers and cybersecurity firms claimed to have discovered the highest number of zero-days under active exploitation.

Making the headlines

Researchers at HP Wolf Security recently found that a cybercriminal group exploited a new zero-day a week before the patch was issued.
  • The flaw, tracked as CVE-2021-40444, is a remote code execution (RCE) vulnerability that can be triggered simply by tricking a victim into opening a malicious Microsoft Office document.
  • Researchers spotted automated scripts on GitHub that could let even less sophisticated attackers target vulnerable organizations.
  • Proof-of-concept scripts were available four days before a patch was released for organizations.

How attackers weaponize zero-days

Experts point to several factors behind the success of zero-day attacks.
  • More zero-day exploits are commoditized and distributed to the mass market in venues such as dark web forums.
  • As per the latest findings, hackers are increasingly using JavaScript downloaders to evade malware detection while exploiting zero-days.
  • The delivery of the Trickbot Trojan via HTML application (HTA) files has further eased the malware deployment process: infection begins as soon as the file is opened, and such uncommon file types are less likely to be spotted by detection tools.
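The HTA and JavaScript-downloader delivery methods above share one property a defender can act on: the attachment's final file extension is one that Windows runs on open. The following script, an added example that is not part of the original article or any vendor's product, flags such attachments in mail-gateway attachment logs. The log format, the sample lines and the list of risky extensions are all constructed assumptions for the example; a real deployment would use the gateway's own log format and a policy list agreed with the organization.

```python
import re

# File types that legitimate mail rarely carries but that execute as soon as
# they are opened (HTA, JScript/VBScript, Windows Script Files) or that carry
# macros. This set is an assumption for the example, not a published standard.
RISKY_EXTENSIONS = {"hta", "js", "jse", "vbs", "vbe", "wsf", "docm", "xlsm"}

# Constructed sample log lines (not real traffic), in a made-up gateway format:
# timestamp, sender, recipient, attachment name.
SAMPLE_LOG = """\
2021-10-19T08:01:12Z from=alice@example.test to=bob@corp.test attachment="Q3-report.docx"
2021-10-19T08:03:44Z from=invoice@example.test to=bob@corp.test attachment="invoice_2021.pdf.hta"
2021-10-19T08:05:09Z from=news@example.test to=carol@corp.test attachment="update.JS"
2021-10-19T08:07:30Z from=hr@example.test to=dave@corp.test attachment="policy.pdf"
2021-10-19T08:09:55Z from=x@example.test to=erin@corp.test attachment="photo.jpg"
"""

LINE_RE = re.compile(r'from=(\S+) to=(\S+) attachment="([^"]*)"')


def attachment_extensions(name):
    """Return every extension of a filename in lowercase.

    'invoice.pdf.hta' yields ['pdf', 'hta'], so double-extension tricks
    ('looks like a PDF') are visible to the caller.
    """
    parts = name.lower().split(".")
    return parts[1:] if len(parts) > 1 else []


def is_risky_attachment(name):
    """True when the LAST extension is one Windows executes on open.

    Only the final extension matters: that is the one the shell uses to
    pick a handler, whatever the earlier parts of the name suggest.
    """
    exts = attachment_extensions(name)
    return bool(exts) and exts[-1] in RISKY_EXTENSIONS


def flag_risky_attachments(log_text):
    """Parse gateway log lines and return the entries that carry a risky attachment."""
    flagged = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # skip lines that do not match the (assumed) format
        sender, recipient, name = match.groups()
        if is_risky_attachment(name):
            flagged.append({
                "from": sender,
                "to": recipient,
                "attachment": name,
                "reason": f"'.{attachment_extensions(name)[-1]}' attachment executes on open",
            })
    return flagged


if __name__ == "__main__":
    for entry in flag_risky_attachments(SAMPLE_LOG):
        print(entry)
```

Matching is case-insensitive (`update.JS` is caught) and keyed on the final extension only, so a name such as `invoice_2021.pdf.hta` is still flagged as an HTA. Checking the extension alone is a cheap first filter; the article's point that these file types are uncommon is exactly why a short deny-list of them produces few false positives.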

Recent zero-day attacks

  • Kaspersky unearthed a cyberespionage campaign exploiting a zero-day in Windows to deliver MysterySnail RAT and steal data. Experts suspected its connection to a Chinese-speaking APT. The exploited bug, tracked as CVE-2021-40449, was already patched by Microsoft earlier this month.
  • Over 100,000 Apache HTTP servers vulnerable to a zero-day flaw are at risk, as threat actors have already started exploiting it.

Stay safe

Zero-day exploits are spreading faster than ever via maldocs and other stealthy methods that slip past detection tools. To protect against them, organizations need to apply zero trust principles. Threat isolation as part of a layered defense filters risky tasks, moving them into disposable, isolated VMs - away from the host OS. If a maldoc is then mistakenly opened, the malware has nowhere to go and nothing to infect. This way the malware is rendered harmless and organizations remain safe.

Cyware Publisher