If “zero-day exploit” hadn’t previously been a part of your vocabulary, 2016 is the year to make the term stick. Cisco’s annual report on the state of cyber security indicated a surge in the sophisticated hacks that fall under the zero-day heading. And that was before a number of recent events drew widespread concern from the cybersecurity field and the federal government.
In mid-August, the National Security Agency (NSA) announced that hackers had breached its networks and obtained classified data, including a number of zero-day exploits that the agency had been collecting for surveillance of several consumer software products. The NSA drew criticism from the cyber security community for stockpiling these cyber weapons, and it is currently investigating the impact of the breach. Analysts did their own research to find out whether hackers are putting the stolen exploits to use. (They are.)
At the end of the month, Apple made a statement regarding zero-day exploits, announcing that it would be releasing a security patch for iOS. The platform had been the target of multiple zero-day exploits, which an Israeli arms dealer was using to monitor several individuals, including a well-known human rights activist.
Zero-day exploits – sophisticated attack methods previously unknown to security researchers – present a particular challenge for cyber security programs. A vulnerability scan or standard monitoring program will not catch them, and they can make their way into systems silently, sometimes spending months there without being detected.
To secure against zero-days, the key is proactive intelligence and testing efforts that go beyond known databases to find potential risks before hackers do. Regular penetration testing and network analysis, then, are important aspects of an effective defense strategy.
Of course, not all organizations have the resources to take on these kinds of proactive testing measures. This is where third-party experts can step in. Through our managed security services program, Lunarline’s Hunt Team actively tests client networks, scouring for unregistered vulnerabilities that could lead to zero-day exploits. We also boast a full-scale penetration testing team that leverages years of experience and Lunarline’s innovative Sniper pen testing platform to find your risks before black hats do.