Blog

Zero-Day Prepping: Gear Up for the Next Sweeping Security Vulnerability

Shelly Tzoumas
Mar 22, 2022
3 mins read
Mandiant
Managed Defense
Zero Day Threats
Vulnerabilities

For most security teams, getting swept up remediating a zero-day vulnerability is an unwanted distraction. That distraction can quickly escalate into something far worse with a widespread vulnerability like the recent “Log4Shell”, a software vulnerability in the Apache Java Log4j library.

Vulnerabilities as ubiquitous as Log4Shell show us that advanced attackers are champing at the bit to take advantage of any opening they can find, lodging a multitude of exploits to gain a foothold into an organization’s network. Without access to experts that can aid in their defense, organizations can be sorely unprepared to defend against these types of sophisticated threats.

Enter Mandiant Managed Defense, Mandiant’s managed detection and response (MDR) service. In the management of Log4Shell for our customers, our Managed Defense team detected 11 different malware families that were used to exploit the vulnerability. Currently, our team continues to track over 30 attack campaigns exploiting the vulnerability––including activity from suspected China- and Iran-sponsored state-nexus threat clusters––and is working around the clock to help protect our customers’ IT environments.

For example, in the last 12 to 15 months alone we’ve protected our customers from significant events such as Kaseya, SonicWall, and Microsoft Exchange. Our extensive frontline visibility and industry-leading threat intelligence affords us the ability to deploy cutting-edge threat hunting campaigns and detections throughout our customers’ environments.

In addition, we work continuously with customers to help them prepare for the next sweeping vulnerability and improve their resilience. Our consultants guide customers to take proactive actions to harden access to their internet-facing critical systems, better control connectivity and communications, increase security of credential and identity management, and help ensure business continuity measures are in place.

Learn more by registering to attend our upcoming webinar, Get Ready for the Next Zero Day: Planning for the Unknown, taking place on April 6. During the webinar, David Lindquist from Mandiant Managed Defense and Nader Zaveri from Mandiant Consulting will share best practices and actionable steps to help organizations better prepare for the next zero-day vulnerability.

In addition to providing training, and sharing our expertise through blogs and webinars, we recently launched Trending Evil, a new quarterly report that offers an inside look at the most recent threats observed by Mandiant’s Managed Defense service. Delivered as an online, interactive experience, Trending Evil provides useful information about the most impactful threats observed during the reporting period, as well as insights into the most prevalent threat actors, top malware families, commonly targeted industries, and recent attacker tactics, techniques, and procedures (TTPs). Available for free, these reports are designed to help organizations strengthen their security posture and provide defensive actions security teams can take to protect IT environments against the most prevalent threats.

Our inaugural edition of Trending Evil highlights five significant malware families our team observed during the reporting period, and discusses their impact on industries across tech, government, education, finance, healthcare, and real estate. Each quarter, the report will also include valuable, up-to-date findings about financially motivated threat groups such as UNC2500 and APT41, a Chinese state-sponsored espionage group. For instance, our newest report shows that even though the TTPs of UNC2500’s phishing campaigns continuously changed, the outcomes of compromise from the group’s activities remained the same.

Trending Evil reinforces the wide-ranging capabilities of Mandiant Managed Defense, which delivers 24x7 monitoring and event triage, continuous threat hunting to uncover hidden adversaries, and rapid response to resolve incidents before they impact the organization. Managed Defense sits uniquely in the center of the Mandiant Consulting group and the Mandiant Advantage SaaS platform, serving as both a contributor and consumer of Mandiant’s renowned threat intelligence and frontline expertise.

Get a copy of Trending Evil today. And be sure to register for our April 6 webinar to learn more about the types of campaigns Mandiant observes when sweeping zero-day vulnerabilities such as Log4Shell and Microsoft Exchange became known, and what steps can be taken to better defend against future vulnerabilities and advanced attacks.