Detecting emerging vulnerabilities before they are exploited
Companies must detect emerging vulnerabilities affecting their assets and anticipate the actions of cybercriminals
In May, Barracuda, a company specializing in security solutions for corporate email and networks, disclosed that some of its 200,000 customers worldwide had been attacked since October 2022 through the exploitation of a zero-day vulnerability in its Email Security Gateway appliances. The attackers used this previously unknown flaw to deploy backdoors, gain persistence on the compromised appliances and steal data from companies and public administrations. A few weeks earlier, Google had released a new version of its Chrome browser to patch another zero-day vulnerability that hostile actors were already exploiting against Chrome users.
These cases highlight the ongoing efforts by cybercriminals to find vulnerabilities and the need for companies to be able to detect emerging vulnerabilities before attackers exploit them to achieve their malicious ends.
Why are vulnerabilities so critical to companies? The National Institute of Standards and Technology (NIST) defines a vulnerability as «a weakness in the computational logic (e.g., code) found in software and hardware components».
This U.S. public body, a reference in cybersecurity research and knowledge creation, stresses that exploiting a vulnerability can affect the confidentiality, integrity and availability of the IT assets and data of companies, public administrations and citizens.
Hence, vulnerability management is one of the central elements of the security strategy of any company that operates IT assets. And within this management, detecting emerging vulnerabilities before they are exploited, and so avoiding the damage of a security incident, is becoming increasingly relevant.
We will now discuss how companies can detect emerging vulnerabilities and prevent the risks associated with them.
1. Navigating an ocean of more than 200,000 vulnerabilities
As we have pointed out on more than one occasion, the number of vulnerabilities published each year keeps growing. In 1999, 894 vulnerabilities were recorded. Last year the record was broken again, with 25,227 new vulnerabilities published. This year, the cumulative number of publicly known vulnerabilities has already passed the 200,000 mark.
This sustained increase is a logical consequence of an increasingly digitalized world. New software, applications and devices are released every day, and the level of cyber exposure of companies, institutions and users grows with them.
We mentioned earlier that a few weeks ago Google patched a zero-day vulnerability in the Chrome browser. This is not an isolated case: in 2022 the company patched nine zero-day vulnerabilities in its browser, and in 2021 as many as 15.
This scenario shows the importance of detecting emerging vulnerabilities and mitigating them before hostile actors exploit them to attack an organization and its customers.
At this point, it is essential to distinguish two categories within this growing number of security holes: zero-day and one-day vulnerabilities. Zero-day vulnerabilities are flaws that are discovered, and often exploited, before the vendor knows they exist. Precisely because of that, no patch is available, which makes a successful attack highly likely.
In the case of one-day vulnerabilities, the vendor has already published a patch for the flaw. However, attackers compare the patched and unpatched code (patch diffing) to locate the weakness and develop exploits against systems that remain vulnerable because the update has not yet been applied. The risk window is therefore the time between the release of the patch and its deployment on every affected asset.
2. Supply chain attacks and the domino effect
In addition to the increase in the number of vulnerabilities and in attacks exploiting zero-day and one-day vulnerabilities, there is also a boom in software supply chain attacks: episodes in which a vulnerability in a component that is embedded in many software packages is found and exploited across all the companies that depend on it, often without those companies knowing that the component is present in their systems.
The combination of zero-day and one-day vulnerabilities with this dependency on shared components has led to security crises such as the infamous Log4Shell, a vulnerability in Log4j, an open-source logging library used by thousands of Java applications and enterprise products worldwide.
The malicious exploitation of the Log4Shell vulnerabilities (three further CVEs followed the original one) triggered a domino effect that affected global companies such as Amazon, Apple, IBM, Tesla and Cisco.
In software development, using ready-made components is essential to speed up the process and reduce costs. Taking advantage of these benefits must go hand in hand with an awareness of the consequences of supply chain attacks and the duty to build security into the whole software lifecycle, starting with knowing which third-party components are in use and in which version.
The Log4Shell case highlighted the need for companies to have cybersecurity services to detect critical emerging vulnerabilities affecting their technology infrastructure, including all third-party components, before hostile actors successfully exploit them.
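The Log4Shell case is a good illustration of what "detecting a critical emerging vulnerability in third-party components" means in practice: the affected library is not an asset anyone inventoried, it is a JAR buried inside other applications. The script below is an added example, not Tarlogic's or Apache's tooling. It walks a directory tree, identifies log4j-core JARs by the Maven pom.properties they ship with, reads the version, and classifies each one against CVE-2021-44228 (the original Log4Shell flaw, affecting 2.0-beta9 through 2.14.1) and the follow-up fixes (2.15.0, 2.16.0, 2.17.0 and the final 2.17.1; 2.12.x and 2.3.x for the Java 7 and Java 6 branches). It also checks for the presence of the JndiLookup class, because removing that class from the JAR is the mitigation Apache documented for versions that could not be upgraded immediately, so its absence is what a verification step should look for. The sample JARs are constructed fixtures created in a temporary directory; everything else is standard library.

```python
"""Find log4j-core JARs under a directory and classify them for Log4Shell.

Added example (not the page's or Apache's code). Facts used: log4j-core
ships META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties
with its version; CVE-2021-44228 affects 2.0-beta9..2.14.1; 2.17.1 closes
the follow-up CVEs; removing JndiLookup.class is the documented mitigation.
"""
import re
import tempfile
import zipfile
from pathlib import Path

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(v):
    """'2.14.1' -> (2,14,1,1,0); '2.0-beta9' -> (2,0,0,0,9) so betas sort first."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:beta|rc)(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised version: {v}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1, int(pre or 0))


V = parse_version
FIRST_VULN = V("2.0-beta9")   # first release affected by CVE-2021-44228
FIRST_FIXED = V("2.15.0")     # fixes CVE-2021-44228 only
FULLY_FIXED = V("2.17.1")     # also covers the three follow-up CVEs


def assess(version, jndi_present):
    """Classify one log4j-core version plus whether JndiLookup.class is present."""
    v = V(version)
    if v >= FULLY_FIXED:
        return "patched"
    if V("2.12.2") <= v < V("2.13.0") or V("2.3.1") <= v < V("2.4.0"):
        return "patched (Java 6/7 backport branch)"
    if v >= FIRST_FIXED:
        return "partially fixed: update to 2.17.1"
    if v < FIRST_VULN:
        return "not affected by CVE-2021-44228"
    # In the affected range: the only acceptable state short of upgrading
    # is the documented mitigation of deleting JndiLookup from the JAR.
    return "VULNERABLE" if jndi_present else "mitigated (JndiLookup removed)"


def inspect_jar(path):
    """Return (version, jndi_present) for a log4j-core JAR, or None otherwise."""
    with zipfile.ZipFile(path) as z:
        names = set(z.namelist())
        if POM_PROPS not in names:
            return None
        props = z.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        if not m:
            return None
        return m.group(1).strip(), JNDI_CLASS in names


def scan(root):
    """Map each log4j-core JAR (path relative to root) to (version, status)."""
    root = Path(root)
    results = {}
    for jar in root.rglob("*.jar"):
        try:
            info = inspect_jar(jar)
        except zipfile.BadZipFile:
            continue  # not a real JAR; skip rather than crash the scan
        if info:
            version, jndi = info
            results[jar.relative_to(root).as_posix()] = (version, assess(version, jndi))
    return results


def make_test_jar(path, version, with_jndi):
    """Constructed fixture: a minimal stand-in for log4j-core-<version>.jar."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if with_jndi:
            z.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only


def demo(root=None):
    """Create three constructed JARs and scan them; returns scan() output."""
    root = Path(root or tempfile.mkdtemp())
    lib = root / "app" / "lib"
    lib.mkdir(parents=True, exist_ok=True)
    make_test_jar(lib / "log4j-core-2.14.1.jar", "2.14.1", True)            # exposed
    make_test_jar(lib / "log4j-core-2.14.1-stripped.jar", "2.14.1", False)  # mitigated
    make_test_jar(lib / "log4j-core-2.17.1.jar", "2.17.1", True)            # patched
    return scan(root)


if __name__ == "__main__":
    for jar, (version, status) in sorted(demo().items()):
        print(f"{status:40} {version:10} {jar}")
```

The scan deliberately does not trust file names: the version comes from the JAR's own metadata, which is what survives renaming or repackaging. Two gaps a real deployment must close are JARs nested inside WAR/EAR archives (open them recursively) and "shaded" builds that copy log4j classes into another JAR without the pom.properties; for those, matching on the JndiLookup class path alone is the fallback.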
3. Managing known and emerging vulnerabilities
As noted above, vulnerability management is one of the core activities in a company's defensive layers. It must cover the entire vulnerability lifecycle:
- Discover vulnerabilities affecting the company’s assets.
- Analyze vulnerabilities.
- Prioritize the remediation of security flaws, depending on the impact of vulnerability exploitation on the business.
- Propose measures to remediate the weaknesses found.
- Verify that the mitigation of vulnerabilities has been carried out successfully.
Comprehensive vulnerability management must take into account not only known vulnerabilities, i.e., those that have already been published and catalogued, but also emerging vulnerabilities that may affect business assets from the moment they become public.
This is where an emerging vulnerabilities service comes into play. It analyzes a company's assets on an ongoing basis to detect which of them are exposed to critical vulnerabilities, both zero-day and one-day, that could trigger serious security problems.
4. What does a 24/7 Emerging Vulnerabilities Service consist of?
Tarlogic Security’s Emerging Vulnerabilities service proactively monitors customers’ perimeter to detect emerging vulnerabilities to which their IT assets may be exposed. To do this, cybersecurity professionals proceed to assess newly discovered vulnerabilities that:
- Have a potentially high impact and a large number of affected systems.
- Are within the perimeter of the company that has contracted the emerging vulnerabilities service.
To do so, the team in charge of detecting emerging vulnerabilities implements four strategic actions:
- Inventory. The professionals in charge of the emerging vulnerabilities service must continuously monitor the perimeter to discover assets in it.
- Proactive detection. For proactive detection capabilities to be optimal, it is necessary to have the knowledge and experience of professionals from different areas: cybersecurity, cyber intelligence, and Threat Hunting. Collaboration between all of them facilitates the early detection of new vulnerabilities.
- Filtering and analysis of vulnerabilities. When a vulnerability is discovered or becomes known after its publication, the team must assess its impact and check whether the affected product and version are actually present in the company's perimeter. Not all vulnerabilities have the same criticality, and not all of them are present in a given organization.
- Notification. Professionals immediately notify the company whether or not the emerging vulnerability affects the organization's technological infrastructure, so that a "not affected" result is also recorded and communicated.
All these activities are carried out continuously, 24 hours a day, seven days a week. This makes it possible to detect emerging vulnerabilities and act on them before they are exploited, with the agility needed to prevent security incidents and their economic, legal and reputational consequences.
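The lifecycle in section 3 (discover, analyze, prioritize, remediate, verify) and the four actions in section 4 (inventory, detection, filtering and analysis, notification) reduce, at their core, to one repeatable operation: take each newly published advisory, match it against an up-to-date inventory of products and versions, rank the hits by impact and exposure, and tell the customer the result either way. The script below is an added example of that operation, not Tarlogic's service tooling. Every record in it is constructed: the hosts, products and versions are placeholders in a CPE-like "vendor:product" style, the advisory identifiers are not real CVE IDs, and the priority weights (+2 for an internet-facing asset, +1 when no patch exists yet) are an assumption chosen for illustration.

```python
"""Match new advisories against an asset inventory, rank, and notify.

Added example, not Tarlogic's tooling. All inventory and advisory records
are constructed placeholders; identifiers are not real CVE IDs.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Asset:
    host: str
    product: str             # "vendor:product" key, CPE-style (constructed)
    version: str
    internet_exposed: bool   # discovered on the external perimeter


@dataclass(frozen=True)
class Advisory:
    advisory_id: str         # placeholder, not a real CVE ID
    product: str
    affected_from: str       # first affected version, inclusive
    fixed_in: Optional[str]  # None: no patch published yet (zero-day)
    cvss: float


@dataclass(frozen=True)
class Finding:
    priority: float
    advisory_id: str
    host: str
    version: str
    fixed_in: Optional[str]


def parse_version(v):
    """'4.2.1' -> (4, 2, 1). Leading digits of each dotted component are
    used; pre-release suffixes such as '-beta1' are ignored (simplification)."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_affected(asset, adv):
    """Version-range test: affected_from <= version < fixed_in (if any)."""
    if asset.product != adv.product:
        return False
    v = parse_version(asset.version)
    if v < parse_version(adv.affected_from):
        return False
    if adv.fixed_in is not None and v >= parse_version(adv.fixed_in):
        return False
    return True


def priority(asset, adv):
    """CVSS base score, +2 for an internet-exposed asset, +1 when no patch
    exists yet. The weights are an assumption for illustration only."""
    score = adv.cvss
    if asset.internet_exposed:
        score += 2.0
    if adv.fixed_in is None:
        score += 1.0
    return score


def triage(inventory, advisories) -> List[Finding]:
    """Every (advisory, asset) hit, highest priority first."""
    findings = [Finding(priority(a, adv), adv.advisory_id, a.host, a.version, adv.fixed_in)
                for adv in advisories for a in inventory if is_affected(a, adv)]
    return sorted(findings, key=lambda f: (-f.priority, f.advisory_id, f.host))


def notifications(inventory, advisories):
    """One line per advisory. A 'not present' result is reported explicitly,
    which is the notify-either-way behaviour the service describes."""
    findings = triage(inventory, advisories)
    lines = []
    for adv in advisories:
        hits = [f for f in findings if f.advisory_id == adv.advisory_id]
        if not hits:
            lines.append(f"{adv.advisory_id}: not present in perimeter")
            continue
        action = (f"update to {adv.fixed_in}" if adv.fixed_in
                  else "no patch yet: apply vendor mitigations and monitor")
        hosts = ", ".join(f"{h.host} ({h.version})" for h in hits)
        lines.append(f"{adv.advisory_id}: AFFECTED [{hits[0].priority:.1f}] {hosts}; {action}")
    return lines


# Constructed inventory, as produced by the continuous perimeter discovery.
INVENTORY = [
    Asset("web-01", "example:appserver", "4.2.1", True),
    Asset("web-02", "example:appserver", "4.3.0", True),
    Asset("db-01", "example:dbengine", "12.1", False),
    Asset("vpn-01", "example:sslvpn", "7.0.3", True),
]

# Constructed advisories: a one-day with a patch, a zero-day without one,
# and one for a product version the company does not run.
ADVISORIES = [
    Advisory("EXAMPLE-2023-0001", "example:appserver", "4.0.0", "4.3.0", 9.8),
    Advisory("EXAMPLE-2023-0002", "example:sslvpn", "7.0.0", None, 9.1),
    Advisory("EXAMPLE-2023-0003", "example:dbengine", "13.0", "13.2", 7.5),
]

if __name__ == "__main__":
    for line in notifications(INVENTORY, ADVISORIES):
        print(line)
```

The zero-day against the VPN ranks above the higher-CVSS one-day on the application server because the patch gap and the external exposure are what determine how fast the flaw will be used against this particular company, not the base score alone. Note also that web-02 is not reported: an inventory that records versions, not just product names, is what keeps the notification from becoming noise.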
5. The five benefits of detecting emerging vulnerabilities and managing them comprehensively
What do companies that have a service to detect emerging vulnerabilities 24/7 achieve?
Throughout this article, we have pointed out some of the benefits of proactively monitoring a company's perimeter to detect emerging vulnerabilities that could affect its assets. Below, we describe five direct benefits of having an emerging vulnerabilities service such as Tarlogic Security's, delivered by experienced professionals who keep up with the latest developments in the fast-changing world of cybersecurity.
5.1 Coordinated reaction to a zero-day or one-day vulnerability
Several teams and professionals are involved in defending a company against cyber threats. Coordination is, therefore, of paramount importance when planning security strategies and making them effective.
This coordination is even more relevant when detecting emerging vulnerabilities and triggering an efficient response to them.
An emerging vulnerability service must therefore be able to coordinate a company’s reaction when a zero-day vulnerability with a high level of impact is published. Otherwise, the management of the emerging exposure will be deficient and chaotic.
5.2. Rapid and standardized analysis
Beyond coordinating the actions to prevent the risks associated with a zero-day or one-day vulnerability, the team delivering the emerging vulnerabilities service must perform a rapid analysis of the company's perimeter.
To do this, it relies on an up-to-date inventory of the entire enterprise technology infrastructure and applies standardized tests to check whether the newly discovered vulnerability can affect the enterprise, which assets are exposed, and how hostile actors could exploit it to carry out a successful attack.
With this analysis, which must be agile and accurate, an adequate response to the risks associated with an emerging vulnerability can be designed and implemented.
5.3. Design, adaptation, and continuous verification of countermeasures
If, after analysis, the team in charge of the emerging vulnerabilities service concludes that a vulnerability affects the company’s IT infrastructure, what can be done?
- Define the appropriate countermeasures to mitigate the vulnerability or reduce its associated risks.
- Constantly update the available information on the emerging vulnerability and adapt the countermeasures based on new data as it becomes available.
Both the design of countermeasures and their adaptation according to the information available are necessary actions to prevent the exploitation of a vulnerability and the risks associated with this malicious action.
Suppose a company doesn’t implement the appropriate actions to manage a vulnerability that affects one of its assets. In that case, it runs the risk of suffering a security incident that damages its business model, its operations or jeopardizes confidential business and customer data.
It’s also vital that practitioners deploy procedures and tests to verify that the countermeasures that have been implemented are working correctly.
5.4. Reducing the exposure surface and closing the window of opportunity
Detecting emerging vulnerabilities affecting business assets and implementing countermeasures serves two directly related objectives:
- Reduce the company’s surface of exposure to cyber threats.
- Close the window of opportunity for hostile actors, who can exploit a vulnerability to compromise business assets, launch a successful attack and accomplish their malicious objectives: fraud, extortion, destruction, data exfiltration, and paralysis of the company’s operations.
Security incidents caused by the exploitation of zero-day and one-day vulnerabilities keep coming. In a fully digitalized world like ours, companies must place cybersecurity at the heart of their business strategies. Being able to detect emerging vulnerabilities and manage them in an agile and comprehensive manner is critical to closing the cybercriminals' path to the heart of a business.
5.5. Anticipation against hostile actors
The last of the benefits of detecting emerging vulnerabilities at a company’s perimeter and taking action to respond to them lies in the ability to anticipate hostile actors. In what way?
After detecting emerging vulnerabilities affecting IT assets, professionals can analyze the tactics, techniques, and procedures that cybercriminal groups can implement to exploit these vulnerabilities.
This ability to anticipate implies having advanced cybersecurity, cyber intelligence, and threat-hunting knowledge and tools. Since it is not enough to study the vulnerability in question, it is necessary to understand the tactics, techniques, and procedures of malicious actors and what routes they can use to exploit various vulnerabilities and achieve their goals.
If an organization can anticipate criminals, it will increase its resilience against attacks that exploit zero-day vulnerabilities to compromise business assets.
6. S.T.A².R.S., a unit specialized in researching new vulnerabilities
The previous point illustrates the importance of innovation and research in cybersecurity.
Criminals are constantly designing tools and procedures to exploit vulnerabilities in the technological infrastructure of companies and institutions. As such, cybersecurity professionals must also make an ongoing effort to unravel the modus operandi of malicious actors and increase the resilience of organizations in the face of cyberattacks.
To improve the detection, analysis and mitigation of emerging vulnerabilities, Tarlogic has the S.T.A².R.S. unit. This team, made up of cybersecurity specialists with extensive knowledge and long experience, continuously analyzes emerging vulnerabilities to generate knowledge that helps detect and mitigate them in business assets.
Thus, the work of the S.T.A².R.S. unit feeds both the vulnerability management service and the service specialized in emerging vulnerabilities, helping companies deal with these weaknesses.
In addition, as part of Tarlogic's commitment to innovation and knowledge transfer, this unit not only detects emerging vulnerabilities and studies them in depth but also publishes analyses of new critical vulnerabilities, including:
- Description of the vulnerability and what it can be used for by hostile actors.
- Requirements that must be met for it to be exploited.
- Criticality level based on the CVSS score.
- Actions to detect the vulnerability.
- Procedures to mitigate the vulnerability as quickly and efficiently as possible.
In short, detecting emerging vulnerabilities has become a strategic activity to deal with the increase in attacks that exploit vulnerabilities and impact the software supply chain. The emerging vulnerabilities service actively monitors the perimeter of companies to detect vulnerabilities that may affect their technological assets.