Hikvision’s Senior Cybersecurity Director on Current Cyber Threats: Zero-Day Vulnerability Exploits and Ransomware on the Rise
Hikvision Senior Director of Cybersecurity, Chuck Davis, blogs about current cyber threats and trends to help our partners stay cybersecure. Today, Davis is covering zero-day vulnerability exploits in iOS and Android, and ransomware on the rise.
A vulnerability is a weakness in software that, when exploited, can give an attacker the means to do something malicious or unauthorized. Learn more about vulnerabilities in this Hikvision blog.
iOS Zero-Day Exploits
According to Kapersky.com, a zero day exploit “is a cyberattack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.”
Apple released multiple security updates to iOS in early November that included patches for three zero-day vulnerabilities that are actively being exploited.
Many iOS devices will update themselves, but to be sure you get the update in a timely manner, follow these steps:
- Go to Settings > General, then tap Software Update.
- Tap Download and Install.
To verify that you install updates automatically, go to Settings > General > Software Update > Automatic Updates, then turn on Install iOS Updates. Your device will automatically update to the latest version of iOS or iPadOS. Some updates might still need to be installed manually.
Android Zero-Day Vulnerability
Google recently patched additional Chrome vulnerabilities for Windows, Mac and Linux. Google also patched a zero-day vulnerability that is unique to Chrome on Android. “Chrome for Android has a zero-day hole that crooks are already abusing, so you need to patch,” according to NakedSecurity.
To stay safe from this vulnerability, ensure you have the latest version of Chrome running on your system:
- On Windows, Mac, and Linux you should be running version 86.0.4240.183 or later.
- On Android, you should be running version 86.0.4240.185 or later.
Ransomware on the Rise
Ransomware is a form of malware that is silently installed on someone’s computer after they fall for a phishing attack. Ransomware quietly encrypts all of the files and folders on your computer, and any data on connected USB or mounted shared drives, and then uploads the decryption key to the threat actor who tricked you into installing the ransomware.
According to the latest Coveware Quarterly Ransomware Report, ransomware is not only increasing in frequency, but the average ransom demand has greatly increased to $233,817 in Q3, up 31 percent from Q2 in 2020.
Additionally, attackers are more likely to keep stolen data to demand additional ransom to keep the victim’s data from the public eye, instead of deleting the files. However, Coveware has observed that some ransomware attackers are sending false evidence to prove that they deleted the data and then leaking the data anyway.
To defend against ransomware attacks, secure your network. Be very careful not to fall victim of a phishing attack, back up your systems, and keep sensitive data in offline backups. Learn more about phishing and vulnerabilities in these Hikvision blogs: