
‘Zero Day Piled on Zero Day’

SAN FRANCISCO–The focus from both state actors and cybercrime groups on exploiting edge devices in the last few months has been a serious challenge for enterprises and government agencies, and from all indications, that is not likely to change anytime soon.

Edge devices make attractive targets for attackers thanks to their position in networks as well as the powerful view they can offer once they’re compromised. There has been a string of vulnerabilities disclosed in security appliances and other edge devices in the last few months, some of which were exploited as zero days. One of the most serious cases involved two separate bugs in the Ivanti Connect Secure and Policy Secure appliances that were disclosed in January. Soon after the disclosure, the Cybersecurity and Infrastructure Security Agency issued a rare emergency directive requiring federal agencies to disconnect affected devices from the Internet.

“There was zero day piled on zero day in some cases. Those devices are going to be the focus of both state actors and ransomware crews. They’re Internet-facing, they contain large amounts of data and are attractive places for the bypass of security boundaries,” recently retired NSA Director of Cybersecurity Rob Joyce said during a session at the RSA Conference here Wednesday.

“If you’re using these edge devices for protection and that’s your only protection, it’s not good enough. It gives the actor the opportunity to do credential harvesting, lay down persistent presence, use it as an exfiltration point. We really have to think about a broader set of security than just edge devices,” said David Luber, who is Joyce’s successor at NSA.

“You need to have MFA enabled and zero trust behind those devices so there’s minimal opportunity for actors to move.”

NSA has one of the truly unique views of the threat landscape and attacker activity, and while it’s perhaps the most powerful signals intelligence agency on the planet, Joyce and Luber said that the agency and its counterparts still need assistance and collaboration from private sector experts and security companies to counter advanced attackers.

“It’s more important than ever to have our analysts working side by side to work on these advanced threats. It’s not just about what we can bring to bear from an NSA perspective. In many cases we need to do it from a national perspective,” Luber said.

Joyce, who spent 34 years at NSA and had run the agency’s Cybersecurity Directorate since 2021, said the agency’s unique perspective is an asset, but combining that with information from outside companies is vital.

“The ability to go out and marry those two viewpoints together is what we need,” Joyce said.