Zero Day Revelation to Attack Reduces

Monday, August 10, 2015 @ 01:08 PM gHale

Throughout the manufacturing automation sector, there remains a patching quandary: if there is a vulnerability, just how long is it before a user can implement a patch?

The issue is you can’t bring down a continuous process like a refinery or a chemical plant just to install a patch, but on the other hand, if there is a Zero Day floating around and attackers are starting to exploit it, what can you do?

The good part was there was always a bit of lag time between the discovery of a vulnerability and the point when exploits started to come into play.

That lag time is starting to dwindle, as some exploits are coming out the same day a discovery is unveiled. That is not good news.

In one case, Adobe pushed out a patch for a flaw on July 8, but three exploit kits (Magnitude, RIG and HanHuan) employed an exploit on July 8, 9 and 10.

“This particular zero day continues to illustrate the trend of shorter and shorter times between publicly available information of the existence of a zero day and integration into exploit kits,” Malwarebytes’ researchers said.

While a same day, or almost same day, exploit is not the norm, in the last ten months the period of time between the discovery of a Zero Day and its weaponization dropped from eight days to four – it has been essentially cut in half, according to a Malwarebytes report.

“The cyber criminals who develop exploit kits are always on the lookout for additional vulnerabilities to add to their arsenal. Their selection of vulnerabilities directly affects their businesses, their popularity, as well as the prices they can charge malware authors who use their services as a vehicle for delivery. All of this hinges on successful infections, and using zero days yields the highest infection rates possible,” the researchers said.