
Zero-Day Ops

This document outlines the threat of zero-day attacks, specifically focusing on the MOVEit vulnerability discovered in May 2023, which led to significant data breaches affecting multiple organizations. It details the life cycle of zero-day attacks, the anatomy of the MOVEit attack, and how security information and event management (SIEM) solutions can help mitigate such threats. The white paper aims to equip organizations with knowledge and tools to protect their digital assets from similar vulnerabilities in the future.

Uploaded by

hassan hamdoun

A BLUEPRINT FOR PROTECTION
Table of Contents
01 Overview 1
02 The life cycle of a typical zero-day attack 2
03 The anatomy of the MOVEit zero-day attack 4
    Popular supply chain attacks 4
        SolarWinds hack 4
        Kaseya attack 4
        Log4j vulnerability 4
    The flow of the MOVEit attack 5
04 Attack vectors involved 7
    SQL injection 7
    Command-line execution 7
    Privilege escalation 7
    Related-party services 7
05 MOVEit's IoCs and what they mean 8
06 How SIEM solutions help you spot and tackle zero-day attacks 10
    Centralized network data aggregation, correlation, and alerting 10
    Threat hunting based on the MITRE ATT&CK® framework 11
    UEBA 12
    Forensic analysis 13
07 Secure your organization with ManageEngine Log360 14


Overview
Zero-day attacks have always been a significant threat in the cybersecurity landscape.

These attacks exploit vulnerabilities that are unknown to the software vendor, hence the term zero-day, which indicates that the vendor has had zero days to fix the vulnerability. Zero-day vulnerabilities are highly sought after by cybercriminals because they provide an avenue to gain unauthorized entry into computer systems, networks, and software until the vulnerabilities are fixed.

One such zero-day attack began over the Memorial Day holiday weekend in May 2023. A zero-day vulnerability was discovered in MOVEit, a widely used secure file transfer system created by Progress Software Corporation. Tracked as CVE-2023-34362, this vulnerability allowed attackers to gain unauthorized access to the MOVEit application's database, leading to a significant data breach. The attack affected several organizations, including Zellis, a payroll support services company that used MOVEit in its application, thus affecting its clients: the BBC, British Airways, and Boots.

This white paper provides a comprehensive overview of:

- The anatomy of the attack and the involved attack vectors.
- The indicators of compromise (IoCs), their impacts, and the steps organizations can take to mitigate similar threats in the future.
- How security information and event management (SIEM) solutions can be instrumental in responding to zero-day attacks.

The information presented in this white paper is based on extensive research and analysis of various sources, including news reports, cybersecurity research blogs, and community discussions. The goal is to equip organizations with the knowledge and tools necessary to protect their digital assets from similar threats in the future.

The life cycle of a typical zero-day attack
There are various stages involved in the life cycle of a zero-day attack. Before diving into the MOVEit vulnerability, this white paper will explain how such attacks typically unfold.

Discovery
Finding zero-day vulnerabilities can be a time-consuming, complex process that requires a deep understanding of software and computer systems. A few methods that hackers use to find zero-day vulnerabilities include:

- Reverse-engineering software to identify weaknesses and potential exploits.
- Monitoring software patches and updates to identify newly discovered vulnerabilities.

If a zero-day vulnerability is reported responsibly to the software vendor, it can be patched immediately to reduce its impact, even if the initial damage was minimal. However, if the vulnerability is kept secret or sold on the dark web, it can be exploited in a zero-day attack.

Weaponization
Once a vulnerability is discovered, it is weaponized as an exploit. This involves developing code or a method to take advantage of the vulnerability and cause unintended behavior in the software, such as allowing unauthorized access or control.
