
“Never Trust, Always Verify” – How to Enhance Zero-trust Strategy?

2025.02.09 Product Management
Based on the principle of "Never trust, always verify," the Zero-trust strategy assumes that threats exist both inside and outside the network, and therefore no user, system, or device should be trusted by default. Endpoints, which are often the primary attack surface, are crucial to the security posture of the entire organization. Endpoint security provides the early detection needed to stop threats before they spread and maintains the integrity of data and systems. Without effective endpoint security, a Zero-trust strategy is incomplete and open to exploitation, which makes endpoint security an indispensable layer of the strategy.

Exploitation of Edge Device Surges

According to TeamT5's research, edge devices have been used as the initial point of compromise throughout the past three years, especially by Chinese APT actors. Because an edge device sits at the boundary between the data center and the outside world, collecting and relaying information, compromising it gives an actor a foothold from which to reach the intended targets. We also find that, in the past two years, Chinese APT actors have been capable of discovering vulnerabilities in these devices themselves and exploiting them as Zero-days.
Consider one case of vulnerability exploitation. According to TeamT5's analysis, two critical vulnerabilities in Zyxel ZyWall USG 20/50 firewall devices have been exploited by threat actors since July 2023, primarily against entities in Taiwan. After compromising the device, the actors installed botnet malware for further command and control.
To mitigate and respond to edge device exploitation, applying the vendor patch is still the best solution. But what can be done about Zero-days exploited in the wild, for which no patch is yet available?

How to Respond to Zero-days?

To respond to Zero-days, we suggest having the following countermeasures:

Threat Intelligence: Understand the actors as well as they understand your edge devices.

Since the actors have the capability to find Zero-days and tailor backdoors to the compromised edge devices, defenders need to understand how the actors exploit the vulnerabilities and respond accordingly.
TeamT5 provides the biweekly Vulnerability Insights Report (VIR), a detailed analysis of severe vulnerabilities and recent cyber threats. Each VIR focuses on a single critical and highly exploitable vulnerability, offering exploit scenarios and global incident highlights. Besides remediation steps, the VIR also provides practical mitigation strategies for cases where an immediate fix is not possible, so that users can proactively protect their systems against the identified vulnerability.
Threats originating from the dark web are also rising, such as the sale of Zero-day exploits, target vulnerabilities, and leaked credentials or data belonging to organizations, so a more active defense is needed to stay ahead of them.
TeamT5 offers Deep and Dark Web Risk Intelligence in two forms. One is the Deep & Dark Web Risk Alert, which discovers leaked credentials or data in the deep and dark web through automated scans. The other is the Deep & Dark Web Risk Tailored Report, which adds threat risk analysis, recent findings, and mitigation suggestions from TeamT5's analyst team.

Endpoint Threat Hunting: Actively hunt for hidden threats

TeamT5, as the leading company in APAC threat intelligence with proactive threat hunting technology, provides intelligence-driven threat hunting, a critical part of the Zero-trust strategy.
TeamT5's ThreatSonar, with thousands of built-in APT backdoor signatures, delivers the latest intelligence to every endpoint for threat forensics. ThreatSonar also allows the import of external intelligence such as hashes, IPs, domains, YARA rules, and other IoCs, so that potential targeted threats can be matched precisely.
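The paragraph above describes the core of an intelligence-driven hunt: take indicators imported from an external feed and match them against what each endpoint actually did. The following Python example is added here to illustrate that workflow; it is not TeamT5 or ThreatSonar code. It assumes a feed of SHA-256 hashes, IPs (single addresses or CIDR ranges), and domains, and sweeps it over a few constructed endpoint events (process executions, network connections, DNS queries). Every hash, IP, and domain below is a placeholder: the IPs are from the documentation TEST-NET ranges, the domains use the reserved .example TLD, and the hash is computed from a constructed byte string. The feed handling covers the details that trip up naive matching: mixed-case hashes, CIDR membership, and subdomains of a listed domain, while not treating "notc2.example" as a hit for "c2.example".

```python
"""IoC sweep over endpoint telemetry (added example, not ThreatSonar code)."""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    event_id: str
    indicator_type: str
    indicator: str


class IocFeed:
    """External indicators in the shape a hunt tool imports: hashes, IPs/CIDRs, domains."""

    def __init__(self, sha256=(), ips=(), domains=()):
        self.sha256 = {h.lower() for h in sha256}
        # strict=False lets a bare address such as 203.0.113.45 become a /32 network
        self.networks = [ipaddress.ip_network(i, strict=False) for i in ips]
        self.domains = {d.lower().rstrip(".") for d in domains}

    def match_hash(self, digest):
        digest = digest.lower()
        return digest if digest in self.sha256 else None

    def match_ip(self, addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:          # malformed telemetry, not a hit
            return None
        for net in self.networks:
            if ip in net:
                return str(net)
        return None

    def match_domain(self, name):
        # A listed "c2.example" must also catch "beacon.c2.example", but only on
        # label boundaries, so "notc2.example" stays clean.
        labels = name.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return candidate
        return None


def hunt(feed, events):
    """Return one Hit per event whose observable matches an indicator in the feed."""
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "process" and (m := feed.match_hash(ev.get("sha256", ""))):
            hits.append(Hit(ev["id"], "sha256", m))
        elif kind == "network" and (m := feed.match_ip(ev.get("dst_ip", ""))):
            hits.append(Hit(ev["id"], "ip", m))
        elif kind == "dns" and (m := feed.match_domain(ev.get("query", ""))):
            hits.append(Hit(ev["id"], "domain", m))
    return hits


# ---- constructed data: placeholder indicators and telemetry, nothing real ----
SAMPLE_PAYLOAD = b"constructed sample standing in for a dropped backdoor binary"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()

FEED = IocFeed(
    sha256=[SAMPLE_SHA256.upper()],                 # feeds often ship mixed case
    ips=["203.0.113.45", "198.51.100.0/24"],        # TEST-NET documentation ranges
    domains=["c2.example", "Update-Check.example."],
)

EVENTS = [
    {"id": "e1", "type": "process", "image": r"C:\Users\Public\svch0st.exe", "sha256": SAMPLE_SHA256},
    {"id": "e2", "type": "process", "image": r"C:\Windows\System32\svchost.exe", "sha256": "00" * 32},
    {"id": "e3", "type": "network", "dst_ip": "198.51.100.77", "dst_port": 443},
    {"id": "e4", "type": "network", "dst_ip": "192.0.2.10", "dst_port": 443},
    {"id": "e5", "type": "dns", "query": "beacon.C2.example"},
    {"id": "e6", "type": "dns", "query": "notc2.example"},
    {"id": "e7", "type": "dns", "query": "update-check.example"},
]

if __name__ == "__main__":
    for hit in hunt(FEED, EVENTS):
        print(f"{hit.event_id}: {hit.indicator_type} matched {hit.indicator}")
```

Run as a script, the sweep reports e1 (hash), e3 (address inside the listed /24), e5 (subdomain of a listed domain), and e7; e2, e4, and e6 produce no hit. In a real deployment the events would come from endpoint telemetry and the feed from a vendor or ISAC export, and YARA rules would be applied to the file contents rather than to a pre-computed hash.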

Conclusion

In a world where breaches are inevitable, always verify and never assume that any part of your network is completely safe. To run an effective Zero-trust strategy, businesses and organizations must:
  • Know Your Adversaries: Whether through threat intelligence on APT or dark web activities, understanding the enemy's tactics helps strengthen the Zero-trust strategy.
  • Prioritize Vulnerabilities for Patching: Address the most critical vulnerabilities first, especially those that are being actively exploited.
  • Dark Web Intelligence: Leverage insights from the dark web to prevent data theft and attacks before they happen.
  • Proactive Threat Hunting: Even after adopting every Zero-trust control, remember the principle "Never Trust, Always Verify" and keep using a threat hunting tool to verify your actual security status.