Microsoft Defence Report – Hackers Highly Target Publicly-Disclosed Zero-Day Vulnerabilities
Microsoft issued a warning about a rise in the use of publicly revealed zero-day exploits by threat actors in their attacks.
Researchers noted a shortening of the period between the disclosure of a vulnerability and its commoditization and noted the significance of the patch management procedure.
“As cyber threat actors—both nation-state and criminal—become more adept at leveraging these vulnerabilities, we have observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability. This makes it essential that organizations patch exploits immediately”according to the Digital Defense Report.
Generally, it often takes just 14 days for a vulnerability to be exploited in the wild once it has been made public, but it typically takes 60 days for the exploit code to be published on GitHub.
“While zero-day vulnerability attacks tend to initially target a limited set of organizations, they are quickly adopted into the larger threat actor ecosystem. This kicks off a race for threat actors to exploit the vulnerability as widely as possible before their potential targets install patches”reads the Digital Defense Report.
The report also says there are increasingly complex critical infrastructure cybersecurity policies in development across regions, sectors, and topic areas.
This activity brings great opportunities and significant challenges. Many nation-state actors have developed capabilities to create exploits from unknown vulnerabilities; China-linked APT groups are particularly proficient in this activity.
“China’s vulnerability reporting regulation went into effect September 2021, marking a first in the world for a government to require the reporting of vulnerabilities into a government authority for review prior to the vulnerability being shared with the product or service owner.” continues the report.
“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them.”
List of vulnerabilities first developed and deployed by China-linked threat actors in attacks, before being publicly disclosed and spread among other actors in attacks in the wild:
- CVE-2021-35211 SolarWinds Serv-U;
- CVE-2021-40539 Zoho ManageEngine ADSelfService Plus;
- CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus;
- CVE-2021-42321 Microsoft Exchange;
- CVE-2022-26134 Confluence;
Therefore, as soon as they are made public, Microsoft advises enterprises to prioritize patching zero-day vulnerabilities. It also suggests documenting and inventorying all enterprise hardware and software assets to assess their vulnerability to assaults.
Suggest an edit to this article
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
- Voice ID: How Secure is it Really? - 2 March 2023
- Enterprise users infected by RIG Exploit Kit thanks to Internet Explorer - 27 February 2023
- Google Open-Source Vulnerability Scanning Tool - 18 February 2023