Many firms are unable to keep up with the pace at which attackers exploit the vulnerabilities they find.
Even though the window between the discovery of an exploit and its correction is generally short, malicious actors are quite successful at using it to cause havoc.
This is the finding of new research published by HP, based on data gathered from its Wolf Security suite.
The study examined “billions of attachments, web sites, and downloads with no reported breaches” to understand the behavior of malware in the wild, and found that the typical time it takes a firm to apply, test, and fully deploy a patch with all necessary verification checks is 97 days.
While a “highly capable” criminal would initially be required to exploit such a vulnerability, crooks have started developing automation scripts that significantly lower the bar for entry.
Zero-day CVE-2021-40444, a remote code execution flaw in the MSHTML browser engine that can be exploited through Microsoft Office documents, was discovered on September 8th.
HP’s threat research team noticed scripts designed to automate the creation of this exploit being shared on GitHub just a couple of days after the initial bulletin was published, on September 10th.
The patch was released on September 14.
A layered approach
This vulnerability was particularly serious: attackers can compromise the target device with almost no user interaction.
Once the malicious file reaches the endpoint, a user need only preview it in File Explorer; they don’t have to open it or run any macros. Merely previewing the file gives attackers full access to the computer, allowing them to install backdoors and escalate their efforts.
“We expect threat actors to adopt CVE-2021-40444 as part of their arsenals, and potentially even replace common exploits used to gain initial access to systems today, such as those exploiting Equation Editor,” commented Alex Holland, Senior Malware Analyst, HP Wolf Security threat research team, HP.
Dr. Ian Pratt, Global Head of Security for Personal Systems, HP, said that detection alone will not be enough in this increasingly hostile threat environment, but that it remains an essential component, given that 89 percent of malware is delivered via email and 12 percent of email malware evades at least one gateway scanner.
Following zero trust principles and taking a layered approach to endpoint security are required to stay safe in today’s dynamic risk environment, Pratt added.