Zero-day vulnerabilities are among the attack techniques preferred by many attackers, and such attacks are on the rise again. Threat actors are actively abusing new zero-day vulnerabilities to accomplish multiple goals, such as espionage, gaining initial access, data theft, or malware delivery. Recently, a zero-day vulnerability was discovered in Windows 10 that can corrupt an NTFS-formatted hard drive with a one-line command.
Recent Zero-day Attacks
Several attackers have been observed targeting their victims via zero-day attacks. A few days ago, hackers reset the passwords of admin accounts on WordPress sites by abusing a zero-day vulnerability in Easy WP SMTP 1.4.2. Additionally, the Pegasus spyware was used to exploit a zero-day in the iMessage feature of iPhones.
Zero-day for Access-as-a-service
Cybercriminals have been observed selling zero-day vulnerabilities on the dark web, and the resulting access is then offered as access-as-a-service for deploying ransomware or malware, or for building a botnet.
Recent Zero-day Vulnerabilities
In the past two months, products from several well-known software and hardware vendors have been found to be affected by zero-day vulnerabilities. Most of these products belonged to Microsoft, WordPress, Apple, Hewlett Packard Enterprise, and D-Link.
Recently, a zero-day local privilege escalation vulnerability was discovered in the Windows PsExec management tool. A few weeks ago, Google’s Project Zero team disclosed a patched zero-day security vulnerability in the Windows print spooler API.
Last month, a zero-day vulnerability (CVE-2020-7200) was discovered in the Insight Manager (SIM) software for Windows and Linux. In addition, a number of D-Link VPN router models were found to have zero-day vulnerabilities.
Conclusion
Zero-day attacks usually abuse publicly unknown vulnerabilities, which makes them harder for organizations to detect. Experts therefore suggest deploying a reliable web application firewall, always updating and patching software, running only essential applications, and maintaining a multi-layered security architecture to protect the enterprise environment.