Many businesses cannot keep up with the speed at which cybercriminals exploit their vulnerabilities. Even though there is usually a small window of opportunity between an exploit being discovered and it being patched, malicious actors are quite good at using that window and wreaking havoc.
That is the conclusion of a new report from HP, based on data collected by its Wolf Security suite. The report analyzed “billions of attachments, web pages, and downloads without any infringement” to understand malware behavior in the wild, and found that businesses take a considerable amount of time to test and fully deploy a patch: the average time to deploy a patch is 97 days.
Although exploiting such a vulnerability in the first place would require a “highly competent” criminal, crooks have begun developing automation scripts, which have significantly lowered the bar for exploitation.
For example, CVE-2021-40444, a zero-day remote code execution vulnerability in the MSHTML browser engine that can be triggered through Microsoft Office documents, was first disclosed on September 8. Only two days after the initial bulletin was released, on September 10, the HP Threat Research team shared a script designed to automate the creation of this exploit on GitHub.
The patch was released on September 14.
This particular vulnerability was also quite dangerous, because it allows attackers to compromise the target device with almost no user interaction. Once the malicious file reaches the endpoint, all the user needs to do is preview it in File Explorer; they don’t need to open it or run any macros. Even previewing the file allows an attacker to compromise the machine, install backdoors and take the attack to the next level.
HP Senior Malware Analyst Alex Holland, of the HP Wolf Security Threat Research Team, commented: “We expect threat actors to adopt CVE-2021-40444 as part of their arsenal, and potentially use them to gain early access to systems today. [It] can also replace common exploits, such as those exploiting the Equation Editor.”
With 89% of malware being delivered via email, and 12% of email malware bypassing at least one gateway scanner, detection alone will not be enough, said Dr. Ian Pratt, global head of security for Personal Systems at HP. To stay safe in today’s dynamic threat landscape, businesses should adopt a layered approach to endpoint security while adhering to zero trust principles, he concluded.