A zero-day attack is one of the most difficult cyber security threats to prevent, but a great first step in preparing your organisation for whatever the cybersecurity threat landscape brings is to implement ISO/IEC 27001:2013 (Information Security Management System) and its complementary ISO/IEC 27002 standard.
Considering Apple's stature in the marketplace, Wednesday's user advisory on a successful zero-day attack is unprecedented, and on Thursday Apple released patches for iOS, iPadOS and macOS devices as fixes for the following vulnerabilities:
CVE-2022-32893 – Processing specially crafted web content may lead to arbitrary code execution
CVE-2022-32894 – A vulnerability in the operating system's kernel that a malicious application could exploit to execute arbitrary code with the highest privileges
CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
What are zero-days?
Zero-days are risks that materialise when a threat actor identifies a vulnerability in an application, software or system and compromises it before the owner of the application discovers the vulnerability and releases a patch for it.
Zero-days have one of the highest success rates because the threat actor beats the enterprise vulnerability management architecture, making them one of the most dangerous cybersecurity exploits out there; an active ISMS in your organisation is key to resilience.
Information Security Management System - Administrative Controls:
To reduce the risk and damage from a successful zero-day attack, anticipation and readiness are key.
Your priority is to implement and mature administrative controls by defining an Information Security policy with actionable processes and procedures at all levels of your organisation.
An ideal policy should declare your high-level strategic position on Information Security.
Your policies and procedures should detail how your governance and operational structure supports your policy objectives. They should provide details on third-party risk management, information security awareness, incident management and business continuity management, and on how these are maintained in readiness for zero-day attacks to reduce user impact, reputational damage and loss of revenue.
Information Security Management System - Technical Controls:
Your processes and procedures should also set out the technical procedures, guidelines and tools required to anticipate and effectively manage zero-day vulnerabilities when they occur. Your systems and application patch management regime should always assess, evaluate and deploy the latest software patches and updates. Active threat hunting and patch management, both inside and outside your organisation's attack surface, must be a doctrine in your organisation.
It is time to consider ISO/IEC 27001 for your organisation, prepare to respond to zero-day attacks in your environment, and support your enterprise customers' threat resilience.