Institutions and regular web users are always on alert about avoiding errant clicks and downloads online that could lead their devices to be infected with malware. But not all attacks require a user slip-up to open the door. Research published this week by the threat monitoring firm ZecOps shows the types of vulnerabilities hackers can exploit to launch attacks that don’t require any interaction from the victim at all—and the ways such hacking tools may be proliferating undetected.
Vulnerabilities that can be exploited for zero-click attacks are rare and are prized by attackers because they don't require tricking targets into taking any action—an extra step that adds uncertainty in any hacking scheme. They’re also valuable, because less interaction means fewer traces of any malicious activity. Zero-click exploits are often thought of as highly reliable and sophisticated tools that are only developed and used by the most well-funded hackers, particularly nation state groups.
The ZecOps research suggests a different story, though: Perhaps attackers are willing to settle in some cases for using less reliable, but cheaper and more abundant zero-click tools.
"I think there are more zero-clicks out there. It doesn't have to be 'nation state-grade,’” says ZecOps founder and CEO Zuk Avraham. "Most wouldn't care if it's not 100 percent successful, or even 20 percent successful. If the user doesn't notice it, you can retry again."
Any system that receives data before determining whether that delivery is trustworthy can suffer an interactionless attack. Early versions often involved schemes like sending customized malicious data packets to unsecured ..
Support the originator by clicking the read the rest link below.
