Researchers with Mandiant have released findings on 80 zero-days exploited "in the wild" over the course of the last year, a surge in verified zero-day exploitation. Additionally, Google's Project Zero said Tuesday that they tracked 58 cases of zero-day exploitation in the wild last year. 2021 alone accounted for 40% of the zero-day attacks recorded over the last decade. That's a massive explosion of zero-days, which means that users are less safe as a result.
I have two comments from industry experts. The first is from Saumitra Das, CTO and Cofounder, Blue Hexagon:
“Zero-day exploits and variants of malware that go after them have been on a consistent rise as attackers invest in automation and research. Many of the zero-days discovered in old software like print spooler (PrintNightmare) are being discovered by overseas research teams. These can then be weaponized at scale and quickly by attackers using mutated malware to get in. In many cases, attackers use an existing foothold and simply try out a new POC at a victim.”
The second comment is from Chris Olson, CEO, The Media Trust:
“Not only is the number of zero-day attacks rising, but malicious actors are exploiting them faster than ever before. In December, Chinese actors were targeting the Log4Shell vulnerability only hours after its initial disclosure. With the cybersecurity landscape dominated by increasingly sophisticated threat actors, we can expect the incidence of zero-days to rise in 2022, especially with heightened political tensions around the world.”
“In response, organizations should be particularly vigilant against underemphasized attack surfaces such as websites and mobile apps if they want to protect their customers. Based on our observations, we expect a rise in attacks based on polymorphic and obfuscated code, rapid URL shifting and other advanced techniques to deliver ransomware and other malicious executables.”
Zero-days are now the new normal, which means that organizations need to actively hunt for these threats and make sure their defences are on point. The bad guys are out there hunting for zero-days that they can exploit, which means that you are under threat as a result.
Mandiant Discovers Pro Chinese Information Operations Campaign
Posted in Commentary with tags Mandiant on August 4, 2022 by itnerd
Mandiant today has released their findings on an ongoing pro-PRC information operations (IO) campaign leveraging infrastructure from a Chinese PR firm to spread content to inauthentic news sites. Mandiant identified at least 72 suspected sites and a number of suspected social media assets which disseminate content strategically aligned with the political interests of the People’s Republic of China (PRC). The sites present themselves primarily as independent news outlets from different regions across the world, publishing content in 11 languages. The sites are believed to be linked to Shanghai Haixun Technology Co., Ltd, a Chinese PR firm.
Chris Olson, CEO of The Media Trust had this comment:
“By now it’s widely recognized that the Web is a dangerous tool for spreading propaganda, manipulating elections and changing public opinion – but we rarely recognize how deep the problem goes. Aside from creating fake websites to spread their message, foreign adversaries regularly leverage otherwise legitimate news platforms to spread their stories in the U.S and around the world.
With the help of third-party code – which includes promoted content features and programmatic advertising – nation-state actors can reach consumers across social media and entertainment sites, mobile apps, news platforms and more. Until publishers, developers and legislators commit to defending our digital borders – not just our physical ones – misinformation and propaganda will continue to spread unchecked.”
This really underscores the line “don’t believe everything that you read”. But you can trust the Mandiant report, and it is very much worth reading: the level of detail on this campaign is excellent and will give you a great view into how the campaign works.