There are many types of threats that can impact a computer or other parts of an organization's infrastructure. For I.T. professionals such as the folks here at Diligex, staying one step ahead of those threats to keep your data safe is a critical part of our jobs. But there is one type of security threat that can strike fear into the hearts of those tasked with maintaining system security, and it is known as a zero-day vulnerability. In this post, we’ll discuss zero-day vulnerabilities and how to protect against them.
You may have heard about some zero-day vulnerabilities in the news even if they were not referred to as such. Recently, a massive cyberattack resulting in a data breach occurred as a result of a zero-day vulnerability in software developed by the company SolarWinds, which made headlines around the world. But this attack was far from the first of its kind, nor will it be the last. In fact, a new critical zero-day vulnerability in Microsoft’s Windows Server product was disclosed to the public while this article was being written!
Just because severe exploits like these are discovered does not, though, mean that your network or computers are immediately in danger. Many variables come into play when assessing how a zero-day vulnerability can impact an organization. So what exactly is a zero-day vulnerability, and what can be done to protect yourself from exposure to them? Read along to find out.
So what exactly is a zero-day vulnerability? The term describes a security flaw in network and computer systems that has yet to be patched by the manufacturer of the affected system. The “zero-day” portion comes from older terminology referring to the theft of software prior to its release. When a vulnerability is described as “zero-day”, it means that the manufacturer has had no days to get it patched before it becomes a risk to the public.
Let’s not beat around the bush here. Zero-day vulnerabilities, and the exploits used to wreak havoc with them, are frightening. Depending on the impact, recovery can be costly, time-consuming, or both. But just because a zero-day vulnerability is discovered in a product that you use does not mean that you are in any immediate danger. Many exploits need a variety of factors to be in their favor in order to succeed. For example, a critical zero-day vulnerability was discovered earlier this year that affected the very popular network-attached storage (NAS) devices from manufacturer QNAP. By exploiting flaws in QNAP’s code, malicious attackers were able to perform global port scans and infiltrate the internal storage of these devices. Once inside, a ransomware payload destroyed the integrity of every file it found. Thousands of people and businesses around the globe found their data destroyed and possibly unrecoverable.
The QNAP attack, which was dubbed Qlocker, is just one of many such examples. But let’s dig a little deeper into it to see how the attackers got in and what could be done to prevent a similar occurrence in the future.
In early April 2021, QNAP disclosed the critical vulnerabilities CVE-2020-2509, CVE-2020-36195, and CVE-2021-28799. Two of these were SQL injection vulnerabilities, in which crafted input is used to perform unauthorized manipulation of a SQL database. The third was an improper-authorization flaw in a commonly used data backup utility on the device. Through these exploits, the Qlocker malware was able to install itself and run amok.
QNAP was quick to fix the vulnerabilities in its code, but applying the fix required performing firmware updates on the devices. Unfortunately, a large portion of the affected QNAP user base likely had no idea an update was needed until it was too late.
But how come only some QNAP devices were exploited and not all? That comes down to two main reasons. The first is simply time. The attacker first had to find the device on the internet before it could compromise it. If a QNAP device was patched before it was found, it was safe. The second reason is much more important, and that is exposure to the internet. To penetrate a device, the attacker has to be able to reach it. Many people and businesses have exposed their QNAP devices to the public internet for convenience or remote access. But QNAP devices that were only reachable from their local private network, such as a company’s office building, were spared by this campaign because they could not be discovered from the public internet.
Each zero-day vulnerability is unique and requires different action. In QNAP’s case, the first step would be to make sure your device is not discoverable from the internet. If in doubt, turn it off and disconnect it until a proper determination can be made.
So how can you protect yourself from zero-day vulnerabilities? The best way is to be diligent about keeping your systems up to date with the latest security patches and firmware upgrades. Their release notes can be lengthy and boring, but they very likely contain security fixes: when a manufacturer patches a vulnerability, those updates are how the fix reaches affected devices.
Equally important is ensuring that your network security is hardened. Make sure that you are not exposing any of your systems outside of your local network unless absolutely necessary. If you have a device or service that requires inbound traffic, such as a web server, it should live in its own segregated network, such as a DMZ, to minimize the exposure in the event that it is compromised. Any inbound ports you do open should be limited to what is strictly necessary and accessible only from specific sources. Where available, use VPN connectivity instead of exposing those ports.
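As an added example that is not part of the original post or any QNAP or Diligex tooling, the small Python audit below checks a list of inbound firewall or port-forward rules against the policy just described: management interfaces reachable only from trusted networks, and nothing on the LAN open to the whole internet. The rule list, ports, addresses and the set of trusted networks are constructed placeholders.

```python
# Added example, not code from Diligex or QNAP: audit inbound firewall / port-forward
# rules for the exposure the post warns about (management interfaces and LAN hosts
# reachable from the whole internet).
import ipaddress
from dataclasses import dataclass

# Constructed placeholders: the only networks trusted to reach management ports.
TRUSTED_SOURCES = [ipaddress.ip_network("192.168.10.0/24"),   # office LAN
                   ipaddress.ip_network("203.0.113.7/32")]    # administrator's static IP

@dataclass(frozen=True)
class InboundRule:
    name: str        # label for the service behind the port
    port: int
    proto: str       # "tcp" or "udp"
    source: str      # CIDR allowed to reach the port
    zone: str        # where the target lives: "lan", "dmz" or "edge" (the firewall itself)
    management: bool = False  # admin UI, SSH and similar

# Constructed sample rules; ports and addresses are illustrative only.
SAMPLE_RULES = [
    InboundRule("nas-web-admin", 8080, "tcp", "0.0.0.0/0", "lan", management=True),          # weak
    InboundRule("nas-web-admin-lan", 8080, "tcp", "192.168.10.0/24", "lan", management=True),  # hardened
    InboundRule("wireguard-vpn", 51820, "udp", "0.0.0.0/0", "edge"),  # VPN endpoint, meant to face the internet
    InboundRule("public-web", 443, "tcp", "0.0.0.0/0", "dmz"),        # internet-facing server, segregated
    InboundRule("file-share", 445, "tcp", "0.0.0.0/0", "lan"),        # weak: LAN host open to the world
    InboundRule("ssh-remote", 22, "tcp", "198.51.100.0/24", "lan", management=True),  # weak: untrusted source
]

def source_net(rule):
    return ipaddress.ip_network(rule.source, strict=False)

def is_world_reachable(rule):
    return source_net(rule).prefixlen == 0  # 0.0.0.0/0 or ::/0

def source_is_trusted(rule):
    net = source_net(rule)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_SOURCES)

def audit(rules):
    """Return (rule name, finding) pairs; an empty list means the policy holds."""
    findings = []
    for r in rules:
        if r.management and not source_is_trusted(r):
            findings.append((r.name, "management port reachable from untrusted sources; "
                                     "restrict it to the LAN or reach it over VPN"))
        elif is_world_reachable(r) and r.zone == "lan":
            findings.append((r.name, "LAN host exposed to the whole internet; "
                                     "move it to a DMZ or close the port"))
    return findings
```

Running audit(SAMPLE_RULES) flags the three weak rules and accepts the LAN-only admin rule, the VPN endpoint and the DMZ web server.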
At Diligex, security is one of our core values. We take all security threats seriously and keep a close eye on zero-day vulnerabilities in order to minimize the impact to our customers. If you are not a Diligex Total Care client and would like further information about how we can help protect your business, click here to contact us and we’ll be in touch.
Zero-day vulnerabilities may be scary but they don’t have to impact you. Contact us today if you think your business is in need of our proactive watchful eyes.