The Zero Day Attack Hits Keep Coming – You’d Better Have a Plan
Some seriously dangerous cyber threats are constantly lurking in today's digital world. They move silently, undetected by even the most current signature-based antivirus and antimalware products. They can wreak havoc for weeks, or longer, before even the giants of the digital industry know they exist. They can compromise millions of systems and provide a launching pad for countless other kinds of cyber attack. The culprit? Zero Day attacks.
We recently covered one of the big Zero Day attacks that affected millions around the globe, the Microsoft Exchange Server Zero Day attacks, but that fiasco, as large as it was, was by no means alone. The world's most popular browser, Google Chrome, has had three actively exploited Zero Day flaws in the first few months of 2021. The latest is a Use-After-Free (UAF) flaw, a bug in how a program handles dynamically allocated memory. When a program frees a block of memory but keeps using a pointer to it, that pointer dangles: the allocator can hand the same block to the next allocation request, so whatever the program later reads or writes through the stale pointer is really the contents of a different object, one whose contents an attacker may control. The fix arrived only after the flaw had been exploited in the wild; Google confirmed as much in the release notes. The flaw is tracked on the Common Vulnerabilities and Exposures (CVE) list as CVE-2021-21193 and scores 8.8 out of 10 on the Common Vulnerability Scoring System (CVSS), making it High Severity. The CVE list is maintained by the MITRE Corporation and sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) within the U.S. Department of Homeland Security; NIST's National Vulnerability Database (NVD) builds on that list, adding the CVSS scores and other analysis, and together they are a central resource in the world of cybersecurity. The other two security fixes shipped in the same Chrome 89 update are CVE-2021-21191, a use-after-free in WebRTC, and CVE-2021-21192, a heap buffer overflow in tab groups.
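To make the use-after-free mechanism concrete, here is an added example that is not code from the article or from Chrome. It uses a tiny fixed-size allocator of its own (the `slot_alloc`/`slot_free` functions, the `session_t` type and the payload layout are all invented for the demo) so that slot reuse is deterministic and the program stays well-defined, rather than relying on the real heap, where a use-after-free is undefined behaviour and allocator-dependent. The vulnerable flow frees a session on logout but keeps the pointer; the attacker's next same-size allocation refills the slot and the stale pointer now reads the attacker's privilege flag. The fixed flow clears the pointer on free and refuses to proceed without a live session.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE  64
#define SLOT_COUNT 4

/* Hypothetical fixed-size allocator for the demo: hands out the lowest
 * free slot, so a freed slot is reused by the very next allocation.
 * in_use comes first so that data[] stays 4-byte aligned for session_t. */
typedef struct {
    int           in_use;
    unsigned char data[SLOT_SIZE];
} slot_t;

static slot_t pool[SLOT_COUNT];

static void pool_reset(void) { memset(pool, 0, sizeof pool); }

static void *slot_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            memset(pool[i].data, 0, SLOT_SIZE);
            return pool[i].data;
        }
    }
    return NULL;
}

static void slot_free(void *p) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (pool[i].data == p) pool[i].in_use = 0;
}

/* The object the program manages: a login session with a privilege flag. */
typedef struct {
    char user[32];
    int  is_admin;
} session_t;

/* Constructed attacker input: filler bytes with the value 1 placed exactly
 * where is_admin lives inside a session_t. Returns the payload length. */
static size_t attacker_payload(unsigned char *out) {
    int one = 1;
    memset(out, 'A', SLOT_SIZE);
    memcpy(out + offsetof(session_t, is_admin), &one, sizeof one);
    return SLOT_SIZE;
}

/* The privilege check both flows end with: -1 means "no session". */
static int check_admin(const session_t *s) {
    if (s == NULL) return -1;
    return s->is_admin;
}

/* Vulnerable pattern: the session is freed on logout but the pointer is
 * kept and dereferenced later. Returns the is_admin value the program
 * believes it read from the session (1, chosen by the attacker). */
int vulnerable_logout_then_check(void) {
    unsigned char payload[SLOT_SIZE];
    pool_reset();
    session_t *s = slot_alloc();
    strcpy(s->user, "guest");
    s->is_admin = 0;
    slot_free(s);                        /* bug: s now dangles */
    unsigned char *buf = slot_alloc();   /* the same slot comes back */
    size_t n = attacker_payload(payload);
    memcpy(buf, payload, n);             /* attacker fills the old slot */
    return check_admin(s);               /* use after free: reads 1 */
}

/* Fixed pattern: the pointer is cleared when the object is freed, so the
 * later check sees no session and denies access (-1). */
int fixed_logout_then_check(void) {
    unsigned char payload[SLOT_SIZE];
    pool_reset();
    session_t *s = slot_alloc();
    strcpy(s->user, "guest");
    s->is_admin = 0;
    slot_free(s);
    s = NULL;                            /* never keep a pointer to freed memory */
    unsigned char *buf = slot_alloc();
    size_t n = attacker_payload(payload);
    memcpy(buf, payload, n);
    return check_admin(s);
}

int main(void) {
    printf("vulnerable: is_admin=%d (attacker-controlled)\n", vulnerable_logout_then_check());
    printf("fixed:      is_admin=%d (-1 = no session, access denied)\n", fixed_logout_then_check());
    return 0;
}
```

Nulling the pointer is the minimal fix; in a real code base the stronger remedies are ownership discipline (one clear owner frees the object and nobody else holds a reference past that point) and building with AddressSanitizer in testing, which reports the stale dereference at the exact line.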
Google and Microsoft were certainly not alone in being hit by Zero Day attacks recently. On April 20, 2021, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued Cyber Activity Alert AA21-110A and Emergency Directive 21-03 about the exploitation of vulnerabilities in Pulse Connect Secure VPN appliances. The newly discovered flaw, tracked as CVE-2021-22893, is an authentication bypass that lets an unauthenticated remote attacker execute arbitrary code on the gateway; Pulse Secure published a workaround at disclosure and a patch in early May 2021 (release 9.1R11.4).
How about one more, just to drive the point home. In March, three Zero Day vulnerabilities in SonicWall's Email Security (ES) product were being exploited in the wild, chained together. The most critical of the three, CVE-2021-20021, scores 9.8 out of 10 on the CVSS scale, making it Critical Severity: it allows an unauthenticated attacker to create an administrative account by sending a crafted HTTP request to the appliance, and the last thing in the world anyone needs is an attacker inside the gates with administrative access to their network and systems. Next is CVE-2021-20022, with a CVSS score of 7.8 (High Severity), which allows an authenticated attacker to upload arbitrary files to the remote host. Last but not least, CVE-2021-20023, at 4.9 (Medium Severity), allows an authenticated attacker to read arbitrary files on the remote host. Chained, they take an attacker from an unauthenticated request to an administrative account to arbitrary file writes on the mail gateway, which is how a web shell ends up installed.
Why Are Zero Day Attacks So Hard to Spot?
Most antivirus and malware detection programs work by analyzing a suspect file or process and comparing its digital footprint against an internal database of threats that have previously been detected, reported and documented. That is why we all sit through those seemingly never-ending antivirus updates: each one refreshes the database and adds the newest threats to the list of what the scanner looks for. That inherent limitation is what makes a Zero Day threat so dangerous. The term itself refers to the vendor having had zero days to fix the flaw before it was exploited, so a Zero Day threat is, by definition, pristine and undocumented. From the first day it is deployed until it is noticed, reported, documented and added to the index, it is an unknown. As far as standard signature-based protection goes, unknown means invisible, and when it comes to cyber threats, invisible definitely means trouble.
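The following added example (not code from the article or from any antivirus product) shows the mechanism in miniature: a byte-pattern signature database, a sliding-window scanner, and a constructed "sample" whose marker is XOR-encoded by a single byte to stand in for a trivially re-packed variant. The shipped database catches the original, misses the variant, and catches the variant only after its bytes are added in an "update". The `sig_db_*` functions, the `EVIL_DROPPER_V1` marker and the sample layout are all invented for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SIGS    8
#define MAX_SIG_LEN 32
#define SAMPLE_LEN  48

/* One entry in the signature database: a byte pattern plus a label. */
typedef struct {
    const char   *name;
    unsigned char bytes[MAX_SIG_LEN];
    size_t        len;
} signature_t;

static signature_t sig_db[MAX_SIGS];
static size_t      sig_count;

void sig_db_clear(void) { sig_count = 0; }

/* Adding an entry is what an AV "definitions update" does. */
bool sig_db_add(const char *name, const unsigned char *bytes, size_t len) {
    if (sig_count >= MAX_SIGS || len == 0 || len > MAX_SIG_LEN) return false;
    sig_db[sig_count].name = name;
    memcpy(sig_db[sig_count].bytes, bytes, len);
    sig_db[sig_count].len = len;
    sig_count++;
    return true;
}

/* Sliding-window scan: returns the label of the first signature found
 * anywhere in buf, or NULL when nothing in the database matches. */
const char *sig_scan(const unsigned char *buf, size_t buf_len) {
    for (size_t s = 0; s < sig_count; s++) {
        const signature_t *sig = &sig_db[s];
        if (sig->len > buf_len) continue;
        for (size_t i = 0; i + sig->len <= buf_len; i++)
            if (memcmp(buf + i, sig->bytes, sig->len) == 0) return sig->name;
    }
    return NULL;
}

/* Constructed sample "binary": 0x90 filler with a 15-byte marker at
 * offset 16. xor_key = 0 gives the original; any other key gives a
 * re-packed variant whose bytes no longer match the known pattern. */
static const unsigned char MARKER[] = "EVIL_DROPPER_V1";
#define MARKER_LEN (sizeof MARKER - 1)
#define MARKER_OFF 16

size_t make_sample(unsigned char *out, unsigned char xor_key) {
    memset(out, 0x90, SAMPLE_LEN);
    for (size_t i = 0; i < MARKER_LEN; i++)
        out[MARKER_OFF + i] = (unsigned char)(MARKER[i] ^ xor_key);
    return SAMPLE_LEN;
}

/* The database as shipped: it knows only the original marker. */
static void load_shipped_db(void) {
    sig_db_clear();
    sig_db_add("Dropper.V1", MARKER, MARKER_LEN);
}

/* Does the shipped database flag the sample built with xor_key? */
bool detected_by_shipped_db(unsigned char xor_key) {
    unsigned char buf[SAMPLE_LEN];
    load_shipped_db();
    size_t n = make_sample(buf, xor_key);
    return sig_scan(buf, n) != NULL;
}

/* After the variant has been captured, analysed and its bytes pushed out
 * in an update, the same scanner catches it. */
bool detected_after_update(unsigned char xor_key) {
    unsigned char buf[SAMPLE_LEN];
    load_shipped_db();
    size_t n = make_sample(buf, xor_key);
    sig_db_add("Dropper.V1.variant", buf + MARKER_OFF, MARKER_LEN);
    return sig_scan(buf, n) != NULL;
}

int main(void) {
    printf("original sample, shipped db:    %s\n", detected_by_shipped_db(0x00) ? "detected" : "missed");
    printf("xor 0x5a variant, shipped db:   %s\n", detected_by_shipped_db(0x5a) ? "detected" : "missed");
    printf("xor 0x5a variant, after update: %s\n", detected_after_update(0x5a) ? "detected" : "missed");
    return 0;
}
```

The gap between the second and third lines of output is the Zero Day window: the scanner is only as good as its last update, and nothing in it fires on bytes it has never been told about. That is why behavioural monitoring, log review and compromise assessment have to sit alongside signature scanning rather than replace it.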
How can GDF help?
GDF’s vulnerability assessments and penetration tests are designed to show where your cybersecurity posture stands right now. We review policies and procedures to identify patch management gaps, test with threat signature databases updated to detect the latest threats, and check for existing intrusions or compromises. On the Emergency Incident Response side we can help in several ways: creating, reviewing and maintaining an effective emergency response plan, and putting boots on the ground to respond to a breach or intrusion, with Emergency Response Teams positioned around the country to give you unrivaled response times. Remote options are available too: agents can be deployed across tens of thousands of endpoints enterprise-wide in as little as two hours, with all components up and running within 24 hours. Once a threat is detected, the network is analyzed and automated response and cross-system remediation capabilities spring into action, remediating the threat in real time. Your environment is also monitored by a 24/7 SOC team and continuously updated with front-line security intelligence to ensure rapid response. For our vulnerability assessment and penetration testing clients, we also offer no-retainer SLAs (Service Level Agreements), so GDF is waiting in the wings to respond to an emergency without you paying anything if no incident occurs, since we will already be intimately familiar with your cybersecurity posture and requirements from our assessments and testing.
So call GDF at 1-800-868-8189 today, or fill out the form below and we’ll contact you, and let’s get started.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cybersecurity and emergency incident response, with years of experience assisting clients in the government, banking, legal, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to call 1-800-868-8189 for immediate help. For more information, visit GDF's cybersecurity page.