Zero-Day Exploit Cyber Hacks – An Overview

On 02nd March 2021, Microsoft released a security update on an emergency basis for patching four security holes that were there in their Exchange Server System of version 2010 to 2019.

Read more

Please share some basic details

Step 1/2
Are you buying the policy for?
Or Contact us on: 1800-309-0988
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms Of Use, and also provide us a formal mandate to represent you to the insurer and communicate to you the grant of a cover.

Just a step away from the quotes
Step 2/2

Popular Cities

Are you buying Cyber Insurance policy for the first time?
Or Contact us on: 1800-309-0988
Get Updates on WhatsApp
By clicking on "" you agree to our Privacy Policy and Terms of Use, and also provide us a formal mandate to represent you to the insurer and communicate to you the grant of a cover.

The above decision was taken after an organization’s 30,000 or even more accounts across the United States including local governments to small businesses everything was hacked by an aggressive China-based cyber undercover unit.

They send emails with vulnerabilities through the Microsoft Exchange Server and made hundreds of thousands of organizations worldwide its victims. This tool provides total accessibility or remote control on the affected systems.

According to some sources, a China-based Hufnium group is targeting law firms, defense contractors, higher education institutes, NGOs, etc. with this tool through leading the United States-based virtual private servers.

This attack includes three steps –

  • In the first step, it gains access to the Exchange Server either with the password that was stolen or through previously unknown vulnerabilities for disguising itself as someone who has the access.
  • In the second step, it creates what is known as a web shell for controlling the compromised server through some remote location.
  • In the third step, it uses the remote access that is run from the United States of America-based private sectors for stealing data from the network of an organization.

Here the web-shell is worth discussing. The web-shell are backdoor hacking tools that enable the attackers to come back to the machine as soon as it gets infected and have access as an administrator.

This type of hacking is a good example of a zero-day exploit that is one of the new vulnerabilities discovered in software. Such are quite common and they exist in most of the pieces of the software as soon as it is launched. However, it becomes dangerous when it is recognized by the wrong people.

The two main questions that may come to anyone’s mind after reason these are:

  • How long does it take to patch?
  • What is its impact?

Let us see the answers to these two questions:

How long does it take to patch?

The time is running. From the time the issue in the software is discovered and is disclosed and a patch is deployed for the same, how much of the data has been transferred to the hackers? This is one of the key questions that every underwriter of cybersecurity can ask. What is the patching cadence of an organization is another question? Or to put it more simply, does the company update its software within its network regularly. And if yes, then how frequently? Moreover, in case of issuance of an emergency security patch, what is the ability of the company to get that implemented across the network of the company.

If we see this closely, we will observe that it is not only the case wherein the 'install update' button is clicked and one can go on a coffee break. All the software systems of a company are interconnected in a way that a single change in a single system can leave a serious impact on other software that is running within the organization. Therefore, testing all the patches before deploying them into the organization's network is the key. In an active attack on a network, this period is critical.

So, if an organization reports the issue in the days instantly after it reported the hack, the criminals got shifted to high gear for gaining a foothold in as many organizations as possible before the deployment and installation of the patch.

What is its impact?

As per the statement of Microsoft, the patch doesn’t remove the hackers from the system that is infiltrated already. It gives some guidance to mitigate the impact until the deployment of the patch. Any organization impacted by this attack at Microsoft Exchange will need a few remediation efforts likely from IT forensic support or outside security. These costs generally fall in a cyber-insurance policy. But, beyond the initial expenses of the response that are incurred, how much more damage can an attacker cause with the administrative access in the system of a company. So, far it seems like there has not been any secondary attack on the affected organizations. Another question that arises here is – how does an attacker use the web-shells that are explained above has planted at all the places and what could it do?

For a different set of attackers, this is not uncommon to target all such vulnerabilities as soon as they are disclosed. We can imagine this with someone getting access to these web-shells and start an event of mass ransomware.

However, the affected organizations must:

  • Deploy the emergency patch as soon as possible.
  • Inform their cyber insurance provider for notifying their cyber insurance carrier about the security incident and
  • Doing a thorough forensic review of IT for removing any kind of backdoors and web-shells installed in the network at the time of the attack.

The Final Words!

Once the patch is deployed, the exploit is not called a zero-day exploit. Even these attacks are not discovered instantly, and it often takes not just some days but months or sometimes even years before the developers learn about it.

Written By: PolicyBazaar - Updated: 15 February 2022

Cyber insurance news

Latest News
Reddit Hacked in a Targeted Phishing Attack

14 Feb 2023

On February 5, Reddit confirmed hackers tried to access their internal information and source code through a highly targeted phishing attack.
Read more
Christopher Slowe, CTO of Reddit, revealed the company was able to recognize sophisticated attacks targeting Reddit employees. He said that an unidentified attacker message sent 'plausible-sounding prompts’ that redirected the company's employees to an internet portal that impersonated to be Reddit. The hackers tried to steal employees' credentials & two-factor authentication keys. The hackers accessed some internal documents, source codes, dashboards, and business systems. However, Reddit recognized the security breach, cut off the access, and started an internal investigation. They also said there is no evidence of personal or non-public data breaches, publication, or online distribution. Furthermore, they are investigating & monitoring the situation to enhance their security system.
FM Nirmala Sitharaman announces Set up of 3 Artificial Intelligence Centres of Excellence

03 Feb 2023

Finance minister Nirmala Sitharaman presented the Union Budget FY 2023 on February 1, 2023. The Finance Minister announced the establishment of 3 artificial intelligence centres for excellence under
Read more
the initiative of “Make AI in India”. Set up of these AI centres will take place in top educational institutes. “Make AI work in India” is an initiative and a focus area of the Modi Government. Nirmala Sitharaman also said that the government will implement the national data governance policy.
Cyber Fraudster Target Customer under Disguise of Insurance Officer

09 Jan 2023

Cyber fraudsters are targeting customers under the disguise of not a bank official but an insurance company official. In one such event, a 67 year old citizen from Thottakattukara, Kochi, lost Rs 1 lakh.
Read more
He was approached by a woman name Radhika Jain who claimed to be from an insurance company. She promised the victim to make the financial settlement for the raised claim if he pays Rs 1 lakh to renew the policy. When the victim filed the complaint, Rural Cyber Police, Ernakulam, launched the investigation. The incident took place on October 29 and the fraudster claimed to be an ICICI Prudential Insurance official. The fraudster fooled the elderly person by telling them that his insurance policy has expired and the settlement cannot be made disbursement of the insurance amount. As per the Police officer, “The fraudster suggested the victim to pay Rs 1 Lakh to renew the insurance policy. If the policyholder pays the amount then he will be considered as Senior citizen and the disbursement will be done. In order to make it look genuine, the caller sent ICICI Prudential life insurance letterhead through Whatsapp.” “The fraudster promised the complainant that within 45 days the settlement of Rs 2.45 lakh will be done. The victim transferred the amount to the fraudster’s Canara bank account and once the payment was made the fraudster sent some fake documents. However, the promised settlement of Rs 2.45 lakh was not made even after 45 days.” A police officer said. After cross checking the details of transaction, the police found out that the accused was from Aligarh. Police is also probing as to how the accused got the information related to the insurance policy of the victim.
Sensitive Data of 6 Lakh Indians Stolen by Hackers and Sold at Rs. 490 each

09 Dec 2022

Out of 5 million people globally, 6 lakhs Indians have had their sensitive data stolen and sold on the bot market making India, the worst affected country.
Read more
The average cost of the digital identity of one person was Rs.490, revealed NordVPN, the world's largest VPN service provider. The stolen data include user logins, screenshots, digital fingerprints, cookies, and other sensitive information. All these data are sold in packets in the bot markets, which refer to places where hackers sell stolen data from victims' devices with bot malware. The study majorly looked into three-bot markets the Genesis market, 2Easy and the Russian Market. Out of 26.6 million stolen logins found on the bot markets, 7,20,000 were Google logins, 6,47,000 were Facebook and 6,54,000 were Microsoft logins. Moreover, 667 million cookies, 5,38,000 auto-fill forms, 81,000 digital fingerprints, multiple device screenshots, and webcam snapshots were also found by the researchers. The bot markets are distinct from other dark markets as bot markets are able to get huge amounts of information related to one person in one place. The hackers also guarantee that once the bot is sold, the data of the victim will be updated till their device is affected by that bot, stated Marijus Briedis, chief technology officer at NordVPN. Security researchers also said that not all bots come with a good purpose, many can be malicious as well. These bots operate in multiple fields like customer service, SEO and entertainment and are becoming increasingly common recently. Vidar, RedLine, Taurus, AZORult and Racoon are some of the most popular malware used to collect and steal information out of which RedLine is the most common, stated the report.
AIIMS Cyber Breach: Attackers Demand Rs 200 Crore in Crypto

06 Dec 2022

All India Institute of Medical Sciences, New Delhi, India reported a cyberattack on November 23, 2022. Later, the statement released by AIIMS said that e-hospital system
Read more
has gone down and it has affected the digital hospital services, e-billing, smart lab, appointment system and report generation. AIIMS currently manages around 2,500 beds. It is said that the data of around 2 to 3 Crore patients might have been compromised. After the incident, AIIMS shifted to manual operations to cater the patients. Also, All India Institute of Medical Sciences sought National Informatics Centre (NIC) and I-CERT to restore the digital services. The incident has been reported to Delhi Police whereas CBI and NIA have joined the investigation. AIIMS issued a new Standard operation procedure where the admission, discharge and transfer of patients will be done manually.  As per a source told Press Trust of India, “Hackers have demanded a ransom of Rs 200 Crore in crypto currency on November 28, 2022”. Later, Intelligence Fusion & Strategic Operations unit have registered the case under cyber terrorism and extortion on November 25.  Meanwhile, National Information Centre e-hospital database and application servers restored the data for e-hospital. Also, the team of NIC is cleaning and scanning infections from other e-hospital servers that are located at AIIMS hospital. These servers are required to deliver the service of the hospital. Also, four physical servers have been arranged to restore the e-hospital services and have been scanned and prepared for the applications and database. As per the source, “Sanitisation of AIIMS network is in progress. Antivirus has been installed on 1200 out of 5000 computers and 20 out of 50 servers have been scanned. This activity is going on 24*7”.

Cyber insurance articles

Recent Articles
Popular Articles
9 Ways to Protect Yourself from Cyber Crime

21 Mar 2023

As per the Indian Computer Emergency Response Team, 12.67 lakh
Read more
Cyber Insurance for Banking Finance and Insurance Industry

28 Feb 2023

Cyber insurance for the banking finance & insurance industry
Read more
Interconnected History between Cyber Insurance and Cybersecurity Policy

14 Feb 2023

Cyber insurance and cybersecurity policy are two important
Read more
The Imperative Need of Cyber Insurance for MSMEs

14 Feb 2023

In the age of digitalization, technology has become an essential
Read more
The Need for Cyber Insurance Policy in India

01 Feb 2023

Cyber attacks are becoming increasingly frequent in India and
Read more
Biggest Cyber Breaches in India
We live in the digital era. Now, almost everything is possible online as every other organization is going digital
Read more
8 Ways to Enhance Retail Store Security
Every shop owner must put in extra efforts to make their retail store as safe as possible. To create a secure
Read more
Impact of Cyber-Attacks On Insurance Industry
The cyber risks have increased after the outbreak of Covid-19. One of the main reasons behind the increment in
Read more
Cyber Security for Retail: Threats & How To Avoid Them?
With the increased usage of the Internet, the number of cyberattacks has increased as well. Since retail shops
Read more
Role of Cybersecurity in the BFSI Sector in India
The Banking and Financial Services Industries (BFSI) sector has been one of the pioneers in adapting technological
Read more