Zero-Day vulnerability discovery and mitigation strategies

ET Edge Insights recently engaged in a discussion with Sharda Tickoo, Director of Sales for Large Enterprise and Technical Leader at Trend Micro for India & SAARC, to delve into the concept of Zero Day and its profound significance in the realm of cybersecurity.

Edited excerpts

What is the Zero Day Initiative (ZDI), and how does it contribute to enhancing cybersecurity measures?

The Zero Day Initiative (ZDI) is the ultimate matchmaker in the cybersecurity realm. It brings together two key players: the good guys, which include security researchers and ethical hackers, and the folks responsible for creating the software we all rely on. Now, ZDI’s primary mission is to uncover and address those elusive software vulnerabilities known as zero-days. These are the sneaky bugs that cyber attackers love because they can exploit them before the software creators even realize they exist.

Here’s how it works: when a researcher discovers a zero-day, they report it to ZDI. Then, ZDI springs into action, collaborating closely with the software vendor to swiftly patch up that bug. This proactive approach helps thwart potential attacks and keeps us all safe while navigating the online world. For instance, at Trend Micro, the ZDI has a well-defined disclosure policy, ensuring transparency in how vulnerabilities are handled. They work to ensure that a vendor’s unwillingness to address a vulnerability doesn’t result in it being ignored or “swept under the rug.”

But ZDI doesn’t stop there. They also recognise and reward these researchers for their invaluable contributions. By offering cash incentives, they inspire more individuals to join the fight against cyber threats.

In essence, ZDI operates as the superhero of cybersecurity, constantly scanning for dangers and swooping in to save the day, making our digital landscape a whole lot safer for everyone.

Sharda Tickoo
Director for Sales, Large Enterprise & Technical Leader India & SAARC
Trend Micro

Can you name some recently active cyber-attack groups along with the industries they have targeted?

Sure, recently there has been quite a bit of activity from cyber-attack groups targeting different industries. One group to watch out for is Water Hydra, also known as DarkCasino, which has been going after the financial sector pretty aggressively. They’re hitting banks, cryptocurrency platforms, forex and stock trading sites, even gambling platforms and casinos. We have recently flagged an interesting vulnerability which they exploited in Microsoft Defender SmartScreen. Then there’s Black Basta, a newer ransomware group causing a stir in various sectors like tech, insurance, manufacturing, and utilities. They’re using some pretty advanced tactics like double extortion to make their mark. And let’s not forget about BlackCat, which has been making waves since 2021 with its triple extortion attacks. They’ve been targeting a wide range of industries like construction, retail, manufacturing, tech, and energy. It’s a wild world out there in the cyber realm, constantly evolving and keeping everyone on their toes!

What are the main challenges associated with responsible vulnerability disclosure, and how does ZDI attempt to address them?

Responsible vulnerability disclosure comes with its fair share of challenges, including getting vendors to acknowledge issues promptly, navigating communication barriers, and ensuring user safety throughout the process. To tackle these hurdles head-on, the Zero Day Initiative (ZDI) has put together a carefully crafted disclosure policy.

Right off the bat, ZDI jumps into action by getting in touch with affected vendors using different channels, like listed mechanisms or direct emails. They’re quick on their feet, also sending out protective filters to Trend Micro customers to offer instant defense.

If a vendor doesn’t acknowledge the issue within five days, ZDI makes a second formal attempt, sometimes even involving a mediator if necessary. If all else fails, ZDI may issue a public advisory after fifteen business days. When vendors do respond, they’re given a 120-day window to fix the problem. If they drag their feet, ZDI may release a limited advisory to prioritize user protection.

Dealing with flawed patches is another challenge. ZDI implements a tiered disclosure timeline, giving vendors 30, 60, or 90 days based on the severity of the issue. If a vendor can’t or won’t patch, ZDI collaborates on workarounds and maintains transparency by summarizing communications.

Ultimately, ZDI’s meticulous approach ensures responsible disclosure, safeguards users, and holds vendors accountable for fixing issues promptly. They’re not afraid to extend timelines when needed, showing their dedication to creating a safer digital landscape for us all.

In your opinion, what collaborative efforts are needed at the industry level to counter the growing sophistication of cybercriminals?

When it comes to facing off against increasingly savvy cybercriminals, teamwork is the name of the game. We’re talking about banding together across industries to tackle this threat head-on. Take the Zero Day Initiative (ZDI), for example—they’re showing us how sharing insights and expertise can really make a difference in staying one step ahead of the bad guys.

But it’s not just about talk; action is key. We need to set up industry-wide protocols for handling incidents and make sure sharing best practices becomes second nature. It’s all about building a united front against cyber-attacks, giving us all the tools we need to fend off those looming threats.

Embracing ethical hacking and responsible disclosure is crucial here. By teaming up to spot and patch vulnerabilities, we turn potential weaknesses into strengths, making our digital realm tougher to crack.

And let’s not forget about innovation—it’s our secret weapon. We’ve got to keep investing in collaborative research and development efforts to beef up our cybersecurity defenses. Plus, forging partnerships—both within our industry and beyond—is a must.

Additionally, academia should consider making cybersecurity a part of the curriculum to educate young minds, promote the growth of the profession, and strengthen the information security ecosystem. By pooling our resources and know-how, we can put up a stronger fight against cyber threats worldwide.

At the end of the day, it’s all about fostering a culture of openness, teamwork, and never-ending improvement. Together, we can build a digital world that’s safer and more secure for everyone.


Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of ET Edge Insights, its management, or its members
