The white paper published by the security firm is called "Less Than Zero"

Mar 31, 2014 14:55 GMT

IT security company FireEye has published a new report detailing the eleven zero-day vulnerabilities the company discovered last year. The same technology that was used to analyze these security holes was leveraged earlier this year to uncover two more zero-days.

“Advanced threats against enterprises today thrive on exploiting the unknown and evading blocking techniques thanks to a growing, global marketplace for selling software vulnerabilities,” explained Zheng Bu, vice president of security research at FireEye.

“The old security model of tracking known threats and relying on signature-based solutions are simply powerless to stop zero-day threats. The number of zero-day attacks profiled in the paper highlight why organizations need to take a new approach to security by combining next-generation technology with human expertise.”

FireEye discovered the following vulnerabilities in 2013: CVE-2012-4792, CVE-2013-0422, CVE-2013-0634, CVE-2013-0640, CVE-2013-0641, CVE-2013-1493, CVE-2013-1347, CVE-2013-3893, CVE-2013-5065, CVE-2013-3918 and CVE-2014-0266.

These zero-days were used in the attacks involving the websites of the Council on Foreign Relations, the LadyBoyle cyber espionage campaign, Tobfy ransomware attacks, an operation against Japanese organizations, the Sunshop campaign, the US Department of Labor watering hole attack, the Deputy Dog operation, and Operation Ephemeral Hydra.

“While FireEye's ‘Less Than Zero’ paper is a must-read for security professionals, it is equally important for business executives as a means for understanding what they are up against,” noted Jon Oltsik, senior principal analyst at the Enterprise Strategy Group.

“Today's sophisticated cyber adversaries can easily circumvent existing security controls, penetrate corporate networks, and may ultimately be used to steal extremely valuable data. CEOs must come to terms with these threats and make sure to align them with their overall risk management, business planning, and fiduciary responsibilities.”

The report highlights the fact that system-level protections set in place by many organizations are becoming less and less effective against zero-day attacks. Although exploit mitigations such as DEP and ASLR are a step in the right direction, cybercriminals have started finding ways to bypass them.

Watering hole attacks are becoming more common because they can be highly efficient in targeting a certain industry. In such attacks, the victims come to the traps (compromised websites) set up by the cybercriminals, which means that the attackers no longer have to worry about finding ways to penetrate the targeted organization’s systems.

The complete report on the zero-days identified by FireEye in 2013 is available on the company’s website. The white paper also contains some recommendations for organizations on how to protect their networks against cyberattacks that rely on zero-days.