Google’s Threat Analysis Group (TAG) recently released a blog post about a troubling finding: state-backed attackers and commercial surveillance vendors repeatedly using N-day exploits to target known vulnerabilities in devices.
These attacks rely on different infection mechanisms, designed to be as stealthy as possible. A critical component of these attacks is the delivery mechanism, which often involves compromised or malicious websites. These are either legitimate sites that have been compromised or purpose-built malicious websites that distribute the exploits, making it difficult for users to identify the threat.
Due to mobile device sandbox restrictions, detecting N-day exploits requires indirect methods. This involves either monitoring for system modifications indicative of persistence or identifying the malicious websites used for infection.
Google’s Threat Analysis Group (TAG) released Indicators of Compromise (IOCs) for the malicious websites found and associated with these attacks. Zimperium’s Mobile Threat Defense (MTD) solution offers robust protection against these threats by:
- Filtering malicious web content: MTD accurately identifies and blocks websites distributing N-day exploits and C&C communications. MTD detected 100% of the reported links in a zero day fashion.
- Assessing device vulnerabilities: MTD determines if a device’s operating system version is susceptible to known exploits.
- Continuously monitoring the device for tampering activities: In order to achieve persistence, most spywares modify the system, leaving traces of its presence. MTD continuously monitors for abnormal and tampering events.
As attackers continue to exploit these vulnerabilities, strong security measures are essential. MTD’s comprehensive approach, combining malicious website filtering and device vulnerability assessment, ensures proactive protection against evolving threats.
