Data security

New Attack Vector Creates the Potential for New Vulnerabilities

Cybercriminals are always on the lookout for new cybersecurity attack vectors and zero-day exploits to target governments, businesses, and the supply chain industry. In today’s security-conscious world, it is no longer acceptable to only understand the current threat landscape. Instead, you must be prepared for the next wave of attacks and be in a position to protect your environment when necessary.

Any new attack vector security vulnerability must be acted upon immediately, as the fear that a zero-day exploit could strike is very real. Zero-day is a vulnerability that is exploited on the same day it is discovered, and although this perfect storm has not happened yet, the time between discovering vulnerabilities and exploiting them continues to get shorter and shorter.

System administrators need to act quickly to newly discovered attack vectors as it’s extremely difficult to defend against an unknown exploit. Until recently the only effective way to manage new attack vectors was to follow an aggressive patch management policy, but today, advanced planning and investing in new technology such as a WAAP will put your business on the front foot against this growing threat.

Open Source Code Vulnerabilities Are a Major Issue

Proprietary and open-source code will inevitably have some form of unknown vulnerability baked into a release and although it is never done intentionally it still happens. In November 2021, a novel attack vector was discovered. Dubbed a Trojan Source vulnerability, it allows hackers to hide vulnerabilities in plain sight directly in the source code.

When building software, open-source code is considered a major risk simply because proprietary code often references open-source libraries. All it takes is a legitimate source-code library to be hijacked for vulnerable source code to be inadvertently distributed across a software supply chain.

Academic experts in the UK support this view that there is an increased risk to any software that uses components of open-source code being infected by exploited code, and that any potential downstream users could be at risk.

Attacking the supply chain is a growing problem, and it was only 12 months ago that the U.S. Government and several major businesses were left reeling in the wake of the SolarWinds Orion Platform data breach, an attack that resulted in an abundance of data breaches at well known and established institutions and shockingly, each victim was a direct customer of SolarWinds.

“Trojan Source” Makes Vulnerabilities Less Detectable

The news of the Trojan Source vulnerability has caused concern with cybersecurity experts and there are two tracked vulnerabilities for this problem (CVE-2021-42574 and CVE-2021-42694). It impacts many of the leading programming languages including C, C++, C#, JavaScript, Java, Rust, Go, and Python.

The exploit targets text-encoding standards such as Unicode. The way it works is very clever – the bidirectional Unicode algorithm supports standard English writing of left-to-right, and Arabic or Hebrew writing of right-to-left.

Unicode even allows each writing style on the same line of code, making it easy to hide erroneous code in plain sight often in comments or to-do notes. Academic researchers have described it as essentially anagramming program A with program B.

Protecting Against Software Vulnerabilities

Upholding an aggressive patch management strategy is still a great way to tackle this problem, however more recently as the technology has evolved, Web Application and API Protection Platforms (WAAP) have been created to combat this risk. A WAAP does this by enforcing application security, data security, and application delivery.

At the heart of a WAAP solution is a next-gen Web Application Firewall that is embedded with real-time attack detection and prevention software that inspects API endpoints looking for imitation code. Combining this with DDoS protection and machine learning intrusion protection algorithms creates a tough application security layer against new attack vectors.

A WAAP has protection against malicious bots, isolating and stopping a bot will thwart any attempts to harvest sensitive information, and advanced rate-limiting technology is the perfect accompaniment to reject denial-of-service attempts, keeping your online services up and running at all times.

Two other key features of a WAAP are protection for microservices, even if you do not use microservice today, the entire industry is moving toward microarchitecture, so having the protection future-proofs the investment.

Protection against account takeover is another welcome feature that hardens the platform from known compromised accounts. This makes the dictionaries, password lists, and data dumps traded on the dark web null and void.

We have just scratched the surface of what a WAAP can do, not to mention the ability to leverage a content delivery network (CDN) for performance and an added layer of protection, global server load balancing to distribute traffic securely, and advanced disaster recovery features that always give you a fallback point.

A post by Kidal D. (5264 Posts)

Kidal D. is author at LeraBlog. The author's views are entirely their own and may not reflect the views and opinions of LeraBlog staff.

Leave a Comment