Innocuous-seeming online activities put your organization at risk on a daily basis. A bug recently discovered in the popular web-based grammar checker Grammarly, for instance, leaked the authentication tokens of millions of users. Not many people would predict that installing a widely-used app plug-in or browser extension to help improve their spelling could result in strangers being able to access all their data, including logs and documents, at other websites they visit.
Fortunately, Grammarly closed the loophole within only a few hours after Google reported finding it in the Grammarly Chrome extension. The Google team called this “really impressive response time.” But such fast turnaround is the exception rather than the rule.
The Grammarly bug is an example of a “zero-day threat,” an attack that takes advantage of a security vulnerability in hardware or software — an operating system, browser or application — that is not yet known to the software developer. The name stems from the fact that there are zero days between the discovery of the vulnerability and the attack, and no patch has yet been publicly released.
Global researcher Cybersecurity Ventures forecasts that by 2021, zero-day exploits reported will increase to one each day, compared to one each week in 2015. Here are some other examples of exploits disclosed so far in 2018:
A vulnerability in the core of the popular content management system would allow a denial-of-service attack to be executed remotely. A researcher at Imperva, the security company that discovered the flaw, said the vulnerability is so simple that it could be used by a low-skilled actor to take down an unprotected WordPress website. Yet WordPress reportedly said it wouldn’t patch this flaw and recommended other mitigation techniques.
● Storage Apps
Cloud-based ransomware, like Shurl0ckr, infected web-based applications and was distributed via phishing and drive-by downloads (downloads that happen automatically when you visit a webpage). In most instances, it was undetected by the app providers. Researchers found many infected storage/collaboration apps, including a 55 percent infection rate for Microsoft’s OneDrive, 43 percent rate for Google Drive, and 33 percent rate of infection for Dropbox and Box.
● Adobe Flash Player
A Flash exploit delivered via the web as well as via Office documents and emails affected most Windows versions and browsers, along with Linux and MacOS devices. The security flaw allowed malicious actors to take full control of infected machines and was used by sophisticated North Korean actors against South Korean researchers.
● Transmission BitTorrent
A critical zero-day exploit in the popular BitTorrent client could allow websites to execute malicious code on end devices. The hackers could then remotely take control of the BitTorrent interface. The bug affected several browsers on Windows and Linux OS.
Why Zero-Day Exploits Are Dangerous
Hackers create malware and other exploits to manipulate security “holes” in software and hardware for financial and other gains. According to nonprofit research organization RAND Corp., zero-day exploits can be developed very quickly. In fact, median development time is 22 days. Yet the vulnerabilities and their associated exploits have a very long shelf life. RAND found that the average life expectancy was 6.9 years, while 25 percent made it past 9.5 years.
Zero-day exploits are becoming more dangerous and are increasingly being used by nation-sponsored hackers and other highly sophisticated actors. These cybersecurity threats can cause extensive financial damages. The mind-boggling losses due to the WannaCry ransomware illustrate the potential devastation. FedEx alone estimated that WannaCry cost the company $300 million; some estimates put the total global economic losses at $4 billion and others as high as $53 billion.
How You Can Protect Your Endpoints
Prevention is the best way to protect your endpoints from breaches. Zero-day flaws are particularly challenging for organizations since security experts don’t know what threats to look for and guard against. However, taking these steps can help you protect your systems from zero-day attacks:
Patch software and update browsers.
This best practice will not prevent a zero-day attack. However, executing a policy of regular patching and updates will protect you from exploits once patches for the vulnerability are available.
Way too many users become victims of cybercrimes because they fail to apply patches when they are issued, and continue to use unpatched browsers or applications for months and even years. This is unfortunate, but not surprising, considering the sheer volume of updates and the diligence required to apply them.
Consider this: The Zero Day Initiative published about 170 zero-day patches that were released in just one 6 week period, through mid-February of this year, affecting a variety of web-based software including a security-management platform.
Don’t rely on antivirus.
Signature-based antivirus software offers no defense against zero-day threats since it’s based on signatures of known threats. Newer antivirus solutions use behavior-based antivirus protection that looks for malicious behavior — but this technology is not full-proof either, since new exploits sometimes exhibit new behaviors.
Reduce the attack surface.
According to Gartner, “browser-based attacks are the leading source of attacks on users”, and keeping all browser-executable code off endpoints reduces the attack surface. Remote browser isolation is the most effective way to protect against zero-day attacks, since it ensures that no browser-executable code runs on the endpoints, protecting them from unknown as well as known threats.
How Remote Browser Isolation Works
Remote browser isolation solutions create a secure airgap between the endpoint and the Internet—a safe zone for browsing, in which all code executed away from the endpoint. Websites are rendered in the remote virtual browser, where all executable code remains until it is destroyed at the end of each session, along with any malware. Only an interactive, completely safe content stream reaches the browser on the user device, in real time.
While web-borne zero-day attacks can sneak past your firewall and antivirus solutions, remote browser isolation protects your organization from risk without changing the user experience.
To reduce overhead for implementation and management, look for a clientless remote browser isolation solution that requires no endpoint installation or plug-ins. Be sure that the solution you choose can scale up quickly, works well with all security infrastructure, and supports all devices and operating systems.
With all the zero-day threats out there, organizations need to find new ways to proactively guard against them. As part of a multilayered defense, remote browser isolation lets you stay in front of Internet-based threats.