Zero-day Threats Zeroing-in Again
Zero-day vulnerabilities are one of the preferred attack techniques used by several attackers, and such attacks are increasing again. Threat actors are actively abusing new zero-day vulnerabilities to accomplish multiple goals such as espionage, gaining access, data theft, or malware delivery. Recently, a zero-day vulnerability has been discovered in Windows 10 which can corrupt an NTFS-formatted hard drive with a one-line command.
Recent zero-day attacks
Several attackers have been observed targeting their victims via zero-day attacks.
- A few days ago, some hackers had reset passwords for admin accounts on WordPress sites via abusing a zero-day vulnerability in Easy WP SMTP 1.4.2.
- Additionally, the Pegasus spyware was used to exploit a zero-day in the iMessage feature of iPhones.
Zero-day for access-as-a-service
Cybercriminals have been observed selling Zero-day vulnerabilities on the dark web for money, which is then used as an access-as-a-service, for deploying ransomware, malware, or for creating a botnet network.
Recent zero-day vulnerabilities
In the past two months, several well-known software and hardware vendor products have been found impacted by zero-day vulnerabilities. Most of these products belonged to Microsoft, WordPress, Apple, Hewlett Packard Enterprise, and D-Link.
- Recently, a zero-day local privilege escalation vulnerability was discovered in the Windows PsExec management tool.
- A few weeks ago, Google's Project Zero team disclosed a patched zero-day security vulnerability in the Windows print spooler API.
- Last month, a zero-day vulnerability (CVE-2020-7200) was discovered in Insight Manager (SIM) software for Windows and Linux.
- In addition, a number of D-Link VPN router models were having Zero-Day vulnerabilities.
Zero-day attacks usually abuse publicly unknown vulnerabilities, making it harder for organizations to detect them. Thus, experts suggest deploying a reliable web application firewall, always updating and patching software, using only essential applications, and having a multi-layered security architecture to protect their enterprise environment.