In 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified numerous zero-day vulnerabilities, several of them already being exploited in the wild by threat actors. The team's year-in-review highlights key achievements and ongoing challenges in vulnerability management, emphasizing the need for prompt, complete vendor patches rather than narrow fixes. Affected: Microsoft, Dropbox
Keypoints :
- The ZDI Threat Hunting team identified multiple zero-day vulnerabilities that were exploited in the wild during 2024.
- Trend Micro customers received virtual patches for these vulnerabilities before the official vendor patches were released.
- Notable vulnerabilities included CVE-2024-21412 and CVE-2024-29988, both Windows SmartScreen security feature bypasses.
- Phishing campaigns have become more sophisticated, increasingly leveraging AI technologies.
- Narrow patches, which close the reported proof of concept without addressing the root cause, leave variants exploitable and pose a significant security risk.
- Communication breakdowns between security researchers and vendors can delay or derail vulnerability remediation.
- Flaws in the CVSS scoring system can lead to inadequate prioritization of vulnerabilities.
MITRE Techniques :
- TA0001: Initial Access – Exploitation of CVE-2024-21412 (Windows SmartScreen bypass) by the Water Hydra APT group.
- TA0001: Initial Access – Exploitation of CVE-2024-29988 to bypass the SmartScreen prompt.
- TA0002: Execution – Use of CVE-2024-38112 to infect users with the Atlantida stealer.
- TA0002: Execution – Exploitation of CVE-2024-43461 to spoof the displayed file extension of downloaded files.
- TA0001: Initial Access – Use of CVE-2024-38213 to bypass SmartScreen protections.
- TA0001: Initial Access – Exploitation of CVE-2024-49041, a spoofing vulnerability in Microsoft Edge.
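The SmartScreen bypass entries above all hinge on a downloaded file reaching the user without the prompt SmartScreen would normally show. As an added example (not code from the ZDI post), the PowerShell function below hunts a Downloads folder for files that lack the Mark of the Web (the Zone.Identifier alternate data stream that SmartScreen keys off) or whose names contain characters outside printable ASCII ahead of the extension, a common way to disguise the real file type. The function name, the extension list and the seven-day window are illustrative assumptions, not anything the article specifies.

```powershell
# Added example, not from the ZDI post. Assumptions: SmartScreen's file checks
# rely on the Zone.Identifier alternate data stream (ZoneId=3 = Internet zone),
# so a risky file type with no stream deserves a look; the extension list,
# function name and default window are illustrative choices.
function Find-MotwGap {
    param(
        [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
        [int]$Days = 7
    )

    # File types that commonly carry a payload and would normally get a SmartScreen prompt.
    $riskyExt = @('.url', '.lnk', '.hta', '.js', '.vbs', '.iso', '.img', '.exe', '.msi')
    $cutoff   = (Get-Date).AddDays(-$Days)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $file     = $_
            $zoneId   = $null
            $referrer = $null
            try {
                # Zone.Identifier is the ADS that carries the Mark of the Web.
                $ads = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction Stop
                foreach ($line in $ads) {
                    if ($line -match '^ZoneId=(\d+)')      { $zoneId   = [int]$Matches[1] }
                    if ($line -match '^ReferrerUrl=(.+)$') { $referrer = $Matches[1] }
                }
            } catch {
                # No Zone.Identifier stream: the file carries no Mark of the Web.
            }

            # Risky type with no MotW: extracted from a container, copied locally,
            # or delivered through a MotW bypass.
            $noMotw = ($null -eq $zoneId) -and ($riskyExt -contains $file.Extension.ToLower())

            # Characters outside printable ASCII ahead of the extension are the
            # kind of filename trick used to hide the real file type.
            $stem     = [System.IO.Path]::GetFileNameWithoutExtension($file.Name)
            $oddChars = [bool]($stem -match '[^\x20-\x7E]')

            if ($noMotw -or $oddChars) {
                [pscustomobject]@{
                    File     = $file.FullName
                    ZoneId   = $zoneId
                    Referrer = $referrer
                    NoMotW   = $noMotw
                    OddChars = $oddChars
                }
            }
        }
}

# Usage: list suspect downloads from the last week.
Find-MotwGap | Format-Table -AutoSize
```

A hit is a lead, not a verdict: files pulled out of an archive or copied from another volume legitimately lack the stream, so pair the ZoneId and Referrer columns with proxy or EDR download telemetry before escalating.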
Indicators of Compromise :
- [CVE] CVE-2024-21412
- [CVE] CVE-2024-29988
- [CVE] CVE-2024-38112
- [CVE] CVE-2024-43461
- [CVE] CVE-2024-49041
- The identifiers above are vulnerability IDs, not file hashes; check the article for the file hashes and all other IoCs.
Full Research: https://www.thezdi.com/blog/2025/1/8/zdi-threat-hunting-2024-highlights-trends-amp-challenges