If the recent WikiLeaks dump of the CIA's digital arsenal (replete with zero-day vulnerabilities) hasn't left you considering the impact undisclosed cyberthreats can have on your organization, then perhaps these statistics will:
- Between 2013 and 2015, the prevalence of zero-day threats increased 125 percent, according to Ars Technica.
- In Q4 of 2016, 30 percent of malware was new or zero-day, according to a report by WatchGuard.
A rise in any type of cyberthreat is disconcerting, but zero-days are especially difficult to defend against. The name does not mean the threat is less than a day old; it means the vendor has had zero days to produce a fix, so when the exploit starts circulating there is no patch to apply and no signature to match. In some cases, attackers discover these vulnerabilities first and exploit them for months before researchers or the vendor become aware of their existence. That's exactly what happened in the recent case of CVE-2017-0199, a remote code execution vulnerability in Microsoft Word triggered through a specially crafted document. The vulnerability was publicly disclosed and patched in early April, but attackers had been exploiting it since January.
The important question now is, what's triggering the rise in zero-day vulnerabilities, and what can organizations do to protect themselves against these threats?
The main culprits: Open source and … better cybersecurity?
Open source, more code
According to Gartner, open source code will be used in 99 percent of critical applications by the end of this year. This is problematic because a vulnerability in a widely reused library is not one bug in one product: once an attacker finds it, the same exploit works against every application and device that ships the affected version. We've already seen this happen several times over, most notably in the case of Heartbleed. This bug in the OpenSSL cryptographic library let an unauthenticated remote attacker read chunks of process memory (including private keys and session data) from any endpoint running a vulnerable version of the open-source library, from web servers to Internet of Things devices.
Also, according to Cybersecurity Ventures, the application attack surface expands by 111 billion new lines of software code every year. As a result, it's expected that we'll see one zero-day threat per day by 2021, compared with the one per week we saw in 2015.
The second culprit, better cybersecurity, probably made you scratch your head, but it actually makes perfect sense. As organizations become more security-conscious, they patch known vulnerabilities more quickly and adhere more closely to best practices, which closes off the old, well-documented weaknesses. In response, attackers must innovate and find new, as yet unknown weaknesses to exploit.
This isn't to suggest that organizations are better off not patching, as they just become the low-hanging fruit for attackers. Rather, it's just a reminder that change is the only constant. When we raise the bar, hackers step up their game.
Cyberthreat detection, IR are the best defenses
You can't stop zero-day threats from occurring, and signature-based controls such as firewalls and traditional antivirus cannot identify malware whose signature is brand new or has mutated, because there is nothing for them to match against. However, you can detect unusual or unprecedented activity on your network (a process chain or an outbound connection that has never been seen before), and have an incident response plan in place to address those events – and you can do it without spending millions of dollars every year on an in-house security operations center.
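The paragraph above says that behaviour you have never seen before is detectable even when the exploit is unknown. The following is an added example, written for this page and not code from the original article or from any MDR vendor, of what that looks like in practice: it learns a baseline of normal process chains and outbound destinations from a trusted window of endpoint events, then flags anything in a later window that the baseline does not contain. The log format (`key=value` fields), host names, process names, and addresses are all constructed for the example; the second window includes an Office application spawning a script interpreter, which no baseline of ordinary office use would contain.

```python
"""Baseline-and-deviation detection over constructed endpoint event lines.

Each event records a parent process launching a child process on a host and
(optionally) the destination the child connected to. Nothing here depends on a
malware signature: an alert fires only because the behaviour is unprecedented.
"""
import re
from collections import defaultdict

# Constructed sample data: a trusted window of ordinary activity.
BASELINE_LOG = """\
ts=2017-04-03T09:01:00 host=ws01 parent=explorer.exe child=winword.exe dst=-
ts=2017-04-03T09:01:05 host=ws01 parent=explorer.exe child=outlook.exe dst=mail.example.internal:443
ts=2017-04-03T09:02:10 host=ws01 parent=winword.exe child=splwow64.exe dst=-
ts=2017-04-03T09:05:00 host=ws01 parent=explorer.exe child=chrome.exe dst=www.example.com:443
ts=2017-04-03T10:00:00 host=ws02 parent=explorer.exe child=winword.exe dst=-
ts=2017-04-03T10:00:30 host=ws02 parent=explorer.exe child=chrome.exe dst=www.example.com:443
"""

# Constructed sample data: a later window containing one suspicious chain
# (Office app -> script host -> shell -> unknown address) plus normal noise.
NEW_LOG = """\
ts=2017-04-10T11:00:00 host=ws01 parent=explorer.exe child=winword.exe dst=-
ts=2017-04-10T11:00:04 host=ws01 parent=winword.exe child=mshta.exe dst=-
ts=2017-04-10T11:00:05 host=ws01 parent=mshta.exe child=powershell.exe dst=203.0.113.10:80
ts=2017-04-10T11:00:06 host=ws01 parent=mshta.exe child=powershell.exe dst=203.0.113.10:80
ts=2017-04-10T11:03:00 host=ws02 parent=explorer.exe child=chrome.exe dst=www.example.com:443
this line is malformed and must be skipped, not crash the detector
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"ts", "host", "parent", "child", "dst"}


def parse_line(line):
    """Parse one key=value event line; return None for blank or malformed lines."""
    fields = dict(FIELD_RE.findall(line))
    if not REQUIRED.issubset(fields):
        return None
    return fields


def build_baseline(lines):
    """Record every (host, parent, child) chain and every destination per process."""
    baseline = {"proc_pairs": set(), "dst_by_proc": defaultdict(set)}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        baseline["proc_pairs"].add((ev["host"], ev["parent"], ev["child"]))
        if ev["dst"] != "-":  # "-" marks an event with no network connection
            baseline["dst_by_proc"][ev["child"]].add(ev["dst"])
    return baseline


def detect(baseline, lines):
    """Return one alert per unprecedented chain or destination (deduplicated)."""
    alerts, seen = [], set()

    def emit(ev, reason, detail):
        key = (ev["host"], reason, detail)
        if key not in seen:  # a repeated beacon should not flood the queue
            seen.add(key)
            alerts.append({"ts": ev["ts"], "host": ev["host"],
                           "reason": reason, "detail": detail})

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if (ev["host"], ev["parent"], ev["child"]) not in baseline["proc_pairs"]:
            emit(ev, "unseen process chain", f"{ev['parent']} -> {ev['child']}")
        known = baseline["dst_by_proc"].get(ev["child"], set())
        if ev["dst"] != "-" and ev["dst"] not in known:
            emit(ev, "unseen destination", f"{ev['child']} -> {ev['dst']}")
    return alerts


if __name__ == "__main__":
    for a in detect(build_baseline(BASELINE_LOG.splitlines()), NEW_LOG.splitlines()):
        print(f"{a['ts']} {a['host']} {a['reason']}: {a['detail']}")
```

Run as-is, the detector raises three alerts, all on ws01: the Office process launching a script host, the script host launching a shell, and the shell connecting to an address no process had contacted before. The repeated connection is reported once, and the normal browsing on ws02 produces nothing. In production the baseline would be learned from days or weeks of telemetry and refreshed as software changes, and the three alerts would be correlated into a single incident rather than handled as independent events.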
Managed detection and response (MDR) is a growing market centered on providing the same threat detection and IR capabilities as a best-in-class enterprise SOC. As malware innovation and mining for zero-day vulnerabilities become priorities among cybercriminals, businesses need a way to identify the early signs of these new attacks on their networks.
Because at the end of the day, you can't defend yourself against a threat you never knew was there.