Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Hackers Leveraging Zero-Day Vulnerabilities More Rapidly

November 9, 2022

More good news, right? I suppose it comes as no surprise that Microsoft is warning in its 114-page Digital Defense Report that it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” making it imperative that organizations patch such exploits quickly.

This also echoes an April 2022 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which found that bad actors are “aggressively” targeting newly disclosed software bugs against broad targets globally.

Microsoft observed that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.

Microsoft further accused Chinese state-sponsored groups of being “particularly proficient” at discovering and developing zero-day exploits.

This has been compounded by the fact that the Cyberspace Administration of China (CAC) enacted a new vulnerability reporting regulation in September 2021 that requires security flaws to be reported to the government prior to them being shared with the product developers. OUCH. That is a truly distressing thought.

Microsoft said the law could enable government-backed elements to stockpile and weaponize the reported bugs, resulting in the increased use of zero-days for espionage activities designed to advance China’s economic and military interests.

The story includes a link to some of the vulnerabilities that were first exploited by Chinese actors before being picked up by other adversarial groups.

The findings come almost a month after CISA released a list of top vulnerabilities weaponized by China-based actors since 2020 to steal intellectual property and develop access into sensitive networks.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225, Fairfax, VA 22030
Email: Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson

Sharon D. Nelson, Esq.
President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ride the Lightning

Hackers Leveraging Zero-Day Vulnerabilities More Rapidly

Subscribe for More!

Recent Posts

Listen to the Podcast

Disclaimer