In the last quarter of 2019, researchers at ClearSky uncovered an attack operation that they dubbed the “Fox Kitten Campaign.” Iranian actors used this offensive to gain persistent access to the networks of dozens of companies operating in Israel and around the world across the IT, telecommunication, oil and gas, aviation, government and security sectors. These individuals were successful in their efforts because they employed a variety of attack vectors. Overall, ClearSky found that their most effective attack vector was the exploitation of “1-day” vulnerabilities in unpatched VPN solutions for the purpose of infiltrating and compromising critical corporate information stores.

You don’t hear about “1-day” vulnerabilities all that much. But these “N-day” weaknesses, as they’re more commonly called, are a security concern that all organizations should have on their radar. Otherwise, they could leave themselves exposed to attack campaigns such as Fox Kitten.

With that possibility in mind, this blog post will begin by defining what “N-day” vulnerabilities are and differentiating them from zero-day flaws. It will then discuss how these bugs pose a particular security risk for industrial control systems (ICSes) compared with other environments. Finally, it will conclude with guidance on how organizations can strengthen their ICSes against N-day vulnerabilities.

What Are N-day Vulnerabilities?

Dark Reading explains that N-day vulnerabilities are a type of security weakness about which a software developer or hardware manufacturer already knows. These companies might have already issued a patch for such flaws, or they could be in the process of creating one or rolling one out. Consequently, digital attackers don’t need to do any heavy lifting. They can usually find out all they need to know about the vulnerability by reviewing the patches using a process called binary diffing, or by scouring public disclosure documents for active exploits.