Posted February 27, 2019
When it comes to breaches, we have seen this time and again: an exploited vulnerability that costs organizations millions of dollars, and consumers their private data. Zero-day vulnerabilities are software flaws or bugs that are unknown to the software developers and don’t yet have a patch, providing a perfect opportunity for an enterprising hacker to create an “exploit” (a type of malware specifically targeting these software vulnerabilities).
In fact, nearly 60% of organizations have reported that they’ve been breached due to an unpatched vulnerability. Whether a lone wolf or a nation-state takes advantage of these vulnerabilities, the results could be catastrophic.
Vulnerabilities and Threat Actors
Data breaches caused by zero- and one-day vulnerabilities are likely ones that have already affected your organization. In 2017, Equifax revealed that a breach had compromised the Personally Identifiable Information (PII) of 148 million Americans. The cause of the breach? Out-of-date software that went unnoticed for 76 days. All it takes is for one bad actor to find these vulnerabilities.
One of the earliest examples of a zero-day vulnerability is a worm that infected Iranian nuclear plants. The worm slowed down the centrifuges in the plants, shutting them down completely. Upon investigation, it was found that only a nation-state could be capable of such a large-scale attack with such dire consequences. Vulnerabilities and exploits like these affect every industry vertical, leaving no enterprise safe. Understanding whether your organization is targeted in these types of attacks is crucial.
One lone-wolf actor, Luxor2008, was discovered selling one-day software exploits on Russian Dark Web forums. A reputable seller of dangerous malware, Luxor2008 was offering the malware to other criminals at a price point of 10,000 USD. The specific exploit, for CVE-2018-8453, enables the user to bypass Supervisor Mode Access Prevention and goes undetected by security solutions like Kaspersky Total Security 2019. The nature of this exploit could cause serious damage, and because this actor only sells on one marketplace, it is difficult for law enforcement to catch.
The Seemingly Simple Fix
These vulnerabilities are often easily fixed by patching and updating regularly; you know this, of course. It’s part of the Cybersecurity ABCs. So why don’t more organizations patch and update regularly? Many organizations wait to patch these software issues to make sure the patches won’t affect anything else on their systems. Often, endpoint users of enterprise computer systems are not in control of patching and updating their computers; their IT department is. Updating systems may also void the system warranty or licensing terms, causing a delay in patching. However, this leaves the attack window open for a threat actor to take advantage of the vulnerability. The key to defending against these vulnerabilities? Anticipating the attacks before they occur with a tailored threat model.
When assessing your organization’s patch management cycle, it is necessary for your security experts to prioritize the deployment of patches and updates. With different patches posing distinct challenges, understanding the motives behind threats as well as the relevance of each threat to your organization is paramount to your security.
It’s not enough to just know about threat actors and unpatched vulnerabilities. Organizations need these vulnerabilities to be put into the context of their own security. From there, they can understand a) whether they are a certain threat actor’s target and b) if so, whether they have sufficient security relating to that actor’s specific TTPs (tactics, techniques, and procedures). If they do not, that threat will likely be of high relevance to the organization. This is where risk scoring, gap analysis, and threat modeling become highly valuable to your security analysts.
Using a platform where you can create a tailored model of an adversary and then score that threat based on relevance helps analysts pinpoint exactly which issues are the highest priority and where there are gaps in the organization’s security posture. LookingGlass’ ScoutThreat™ platform allows your analysts to do just that: create robust and tailored threat models, score those threats, and then perform gap analysis. Organizations can no longer afford to have a defensive strategy. Learn more about LookingGlass ScoutThreat here.