Introduction

Lifecycle Of a Zero-Day Vulnerability

As seen in Figure 1, there are seven stages in the life cycle of a zero-day vulnerability. Usually, a zero-day vulnerability originates as a software bug. Attackers may be able to take advantage of the bug if the software vendor fails to identify it. A security issue is typically released to the public upon discovery of a vulnerability by software vendors (Fidler, 2024; Fatima-Tuz-Zahra et al., 2020). Subsequently, the vendors release a patch for the zero-day vulnerability and update anti-virus signatures to reflect the updated knowledge of zero-day attacks.

Even after a vendor has identified and fixed a vulnerability, new exploits may still be created and used against targets that have not yet installed the patch. It may take several years for remediation to occur after this cycle of patching and exploiting, at which point the vulnerability stops impacting systems. The life cycle of a zero-day vulnerability can also be marked in a timeline as shown in Figure 2 (Bompos, 2020; Gopi et al., 2021).

Architecture and Technologies of Zero-Day Exploit

A zero-day exploit is achieved by deploying a malicious code – worm, inside the exploitation process that spreads and searches for vulnerabilities within a system or network (Akello, 2024). It replicates itself to spread through the network massively to identify all the existing vulnerabilities.

According to Pratama and Adi Rafrastara (2012), the structure of the worm includes infection propagation, remote control and update interface, life-cycle manager, payload and self-tracking. While these are the main functions in the structure of the worm, it is important to be aware that in a worm architecture, there is also an exploitation and defence system (Goni, 2020; Humayun et al., 2022) that would form an attack or hide its track from detection. The basic components in the architecture of the worm will be as follows:

Figure 3. Architecture of Worm.

Figure 3. Architecture of Worm.

The first two layers of the worm architecture include the target locator and infection propagation. These two layers are built to target the vulnerabilities that are within the system and networks (Wan et al., 2012; Alkinani et al., 2021, M. Lim, at.al., 2019, M Ibrahim, et.al., 2021). The target locator is the start of the exploitation where the worm is spread through the system or network to search for vulnerabilities or targets. Once the target is found the worm will replicate themselves onto it. Then, in the infection propagation layer. This component allows the worm to transfer itself to a new node that is compatible to get control of the remote system (Wang et al., 2014; Azam, Tajwar, et al., 2023, Sharifonnasabi, 2022, et.al., Sindiramutty, S. R. et al.,). The worm that is transferred into a new node will trick the victim into executing it based on social engineering techniques.

The next layer is the remote control and update interface. Remote control allows the hacker to control the worm network (the worm and their replicates). The hacker could send control messages to the copies of the worm which is threatening as the attacker could attach tools such as DDoS onto the worm and form an attack on the system. As for the update interface, it is a component that allows the worm to update its code and form an exploit onto the compromised system. This would result in an outbreak as it might cause the system to be introduced with more exploits and vulnerabilities after the intrusion of the worm. The life-cycle manager is a component that patches the worm to give it a life-cycle. The attacker would want their malware to only run for a period, so building a life-cycle manager will let the attackers have their worm “commit suicide” when the time has reached or continue running it endlessly in the system.

Another layer in the architecture of the computer worm is the payload execution. This layer allows the worm to carry and execute the payload based on the attacker’s objective. The type of payload will determine how the worm will be designed. This layer is crucial for the attackers as the payload execution has the technology to impact the system.

The last two layers in the architecture are the defence system and the self-tracking and reporting layer (Xu and Meng, 2023; Azam, Dulloo, Majeed, Wan, Xin and Sindiramutty, 2023, Ray, S.K, 2015, et. al., Ray, S.K, 2009, et. al.,). This layer is built to cover up the tracks that were left behind by the worm and to gain back information related to the system that was attacked. The defensive layer uses technologies such as encryption to hide its track from the detection of the system’s security system. This will allow the worm to stay longer inside the system to further exploit the system. To let the attackers gain insights into the condition of the system, the worm will send back reports through the ways that were decided by the attackers when designing the self-tracking and reporting layer. With this, the attackers could track the progress of the worm inside the system.

Technologies and Phases of Zero-Day Exploit

Originally, zero-day exploits occurred due to the intention of searching for vulnerabilities in software to be exploited. Hackers' attempts to detect any possible vulnerabilities in a system result in the organization being in a vulnerable state for a long period. The zero-day exploitation could be divided into two main phases, which are the discovery phase and the exploitation phase (Riofrío et al., 2021; Chesti et al., 2020, Zerdoumi, 2022, et.al.).

During the discovery phase, there are three steps. Firstly, hackers recognise and audit the vulnerability that they discover with the help of technologies such as fuzzers where they inject random data into the software to detect bugs Fadolalkarim and Fadolalkarim, 2024; Wen et al., 2023), reverse engineering with tools such as disassemblers to disassemble and analyse the binary codes, and binary analysis by understanding the binary code without accessing the source code of the system with a framework such as Radare2. This step is often done, to perform the search for vulnerabilities and find errors. The next step will be triage, where it is traced back to the crash to determine the root cause in the code that is vulnerable to use as an advantage for the hackers to exploit. The final step in the discovery phase is the trigger. It is the step that hackers create a reliable trigger to exploit the vulnerabilities (Ablon and Bogart, n.d.). During this phase, hackers might deploy a worm into the system to gain more information about the vulnerabilities that could be used for exploitation later on.

The exploitation phase consists of the following steps: debug, exploit and deploy. Debugging is the step where the hackers evaluate and refine the exploits to ensure their effectiveness and the functionality of them. Tools such as OllyDbg or WinDbg (specifically works for the Windows operating system), are debuggers that could evaluate and debug exploits. Here, the worm could be utilised by the attackers to further spread the worm across the systems to ensure exploitation is made in various places. The next step, exploit, is the step after the effective and accurate method is determined, hackers would have to run a test for it to review its effectiveness and the Proof of Concept (PoC) of the exploitation. To prevent any discovery by the system due to the tracks and footprint that were left behind, hackers will cover their tracks after any testing (Riofrío et al., 2021) with BleachBit or CCleaner that could provide functions such as system cleaning and browser cleaning (Shahine, 2023; Alferidah and Jhanjhi, 2020). Technologies such as virtualization are used to test the exploits safely in an environment, due to the ability to isolate the test environment from the host system. Lastly came the step deploy, where the hackers deploy the exploitation into the real system or sell it to the black market.

The figure below which was created by Lillian Ablon and Andy Bogart shows the zero-day exploit life cycle:

Figure 4. The Phase of Exploit Development. (Ablon and Bogart, n.d.).

Figure 4. The Phase of Exploit Development. (Ablon and Bogart, n.d.).

Discussion on Security Issues and Countermeasures

Case 1: HAFNIUM targeting Exchange Servers with 0-Day Exploits

Case Overview

In an era where digital communications are crucial to business operations, cybersecurity is really important to maintain organizational integrity. Microsoft Exchange, one of the most widely used communications platforms, serves as an important pillar in many organizations. In early January 2021, suspicious activities were detected on Microsoft Exchange servers, which after investigation, turned out to be zero-day exploits. Based on observed victimology, tactics and procedures, Microsoft attributed this attack to HAFNIUM, a group assessed to be state-sponsored and operating out of China (Security and Intelligence, 2023).

The HAFNIUM attack compromised a huge amount of organizations globally, affecting sectors as diverse as infectious disease researchers, law firms, higher education institutions, and defense contractors. The breach allowed attackers to access sensitive communications, exfiltrate data, and install additional malware for long-term exploitation. By March 5 2021, the estimated number of affected organizations was more than 30,000 in the US alone and hundreds of thousands globally (Grigutytė and Grigutytė, 2024; Kumar et al., 2021).

There were several zero-day vulnerabilities associated with this incident. These kinds of vulnerabilities are highly desirable for attackers due to their effectiveness and stealth since they allow for undetected intrusions into critical systems. In response to the escalating threat, Microsoft swiftly released patches to mitigate these vulnerabilities and issued detailed guides to help organizations defend against ongoing attacks.

Security Issues

Table 1. Vulnerability types for case 1.

Table 1. Vulnerability types for case 1.

CVE	Vulnerability Type
CVE-2021-26855	Server-Side Request Forgery (SSRF)
CVE-2021-26857	Insecure Deserialization
CVE-2021-26858	Arbitrary File Write
CVE-2021-27065	Arbitrary File Write

Microsoft released out-of-band advisories on March 2 in response to the above four zero-day vulnerabilities in Microsoft Exchange Server that have been actively exploited.

CVE-2021-26855

It is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange. This vulnerability allowed the hackers to send arbitrary HTTP requests and authenticate as the Exchange server. Microsoft states that the Exchange Server that is vulnerable must have the ability of accepting untrusted connections via port 443. This vulnerability can be exploited remotely and doesn't require any type of authentication, specific knowledge, or access to the target environment. All that the attacker needs to know is the IP address or fully qualified domain name (FQDN) of an Exchange Server and the email account they wish to target (Adair, 2021).

CVE-2021-26857

It is an insecure deserialization vulnerability in Microsoft Exchange. The Exchange Unified Messaging Service, which offers voicemail capability along with other services, is specifically where the problem lies. An attacker would need to first exploit another vulnerability or authenticate with administrator privileges to the vulnerable Exchange Server in order to take advantage of this vulnerability. If the exploitation is successful, the attacker will be able to execute any code as SYSTEM (Security and Intelligence, 2023b).

CVE-2021-26858

It is an Exchange arbitrary file write vulnerability that occurs post-authentication. HAFNIUM might leverage this vulnerability to write a file to any path on the server if they were able to authenticate with the Exchange server. They might possess stolen administrator credentials or use the CVE-2021-26855 SSRF vulnerability to authenticate. This would allow them to achieve remote code execution (RCE) (Security and Intelligence, 2023b).

CVE-2021-27065

This vulnerability is also similar to CVE-2021-26858, in the sense that it also requires authentication through exploiting CVE-2021-26855 SSRF vulnerability or by using stolen legitimate administrator credentials. Consequently, they would achieve remote code execution (RCE), allowing them to write files to any paths on the server (Security and Intelligence, 2023b).

Once HAFNIUM operators had gained initial access by taking advantage of these vulnerabilities, they deployed web shells on the hacked server. Web shells give hackers the ability to steal information and carry out other malicious deeds that compromise systems even more. Reportedly, the attackers were also able to obtain the offline address book (OAB) for Exchange. It would be useful for a determined threat actor to have this information in order to conduct additional target reconnaissance (Narang, 2021).

Grigutytė and Grigutytė (2024b) also explains that Microsoft revealed a new type of attack that takes advantage of the vulnerabilities on March 12, 2021. The infected systems were being used by hackers to spread the ransomware known as DearCry. The ransomware that infected the target and demanded a $16,000 ransom payment.

Threats Posed by Security Issues

Data Breach

Exploiting these Microsoft Exchange vulnerabilities could lead to significant data breaches. They could allow unauthorized access to sensitive data (Robinson, 2024b; Sindiramutty et al., 2024). This could include personal information, corporate secrets, financial details, and other confidential data stored in emails and associated attachments. The risk is even more serious since Exchange plays an integral role in organizational communication. It often houses a vast array of sensitive information. If attackers gain access, they could potentially leak this data. Such a scenario could lead to financial loss, reputational damage, and legal repercussions for failure to protect user data.

Installation of Malware

Once the attackers exploit vulnerabilities such as CVE-2021-26855 to gain initial access, they can install various types of malware. These malwares could serve multiple malicious purposes (Grigutytė and Grigutytė, 2024c). It might be used to spy on user activities. It could also corrupt data or even use the compromised system as a base for further attacks. This situation could also lead to the establishment of a persistent presence within the network. This would allow attackers ongoing access to the network and its resources. This presence can be difficult to get rid of and might lead to ongoing issues with data integrity and system stability.

Ransomware Attacks

After the Microsoft Exchange zero-day exploits, it was reported that there were cases of ransomware being deployed. Such an example was the DearCry ransomware (Grigutytė and Grigutytė, 2024c). This type of attack can be devastating. It not only prevents users from accessing critical data but also forces the hand of the organization to pay a ransom to restore access to their own information. All this with no guarantee that the attackers will honour the terms once payment is made.

Deeper Network Infection (Lateral Movement Within Networks)

Attackers might try to move deeper into a network after gaining initial access. Regarding the impact, once the attackers gain control of an Exchange server via CVE-2021-26855, it would be possible for them to use it to attack other systems within the network. This could include gaining access to administrative credentials and escalating their privileges. They could then use those privileges to move to other critical and sensitive systems. Lateral movement is dangerous because it allows attackers to extend their reach within the network. Under such conditions, security risks are higher and an attacker could cause a much broader impact and become invisible.

Discussion on Security Countermeasures

Conclusions

Key Takeaways

• Rapid Patch Deployment: The immediate release and application of patches were crucial in countering the impacts of these exploits.
• Advanced Detection Systems: Implementing sophisticated intrusion detection systems (IDS) can help in early identification of exploits.
• Proactive Security Posture: Encouraging a proactive security approach through regular audits, constant monitoring, and the use of behavioral analytics is essential.
• Network Segmentation and Access Controls: Reducing the amount of damage that may be caused by the exploit through network segmentation and strict access controls is vital.

References

1. Ablon, L. and Bogart, A. (n.d.). Zero Days, Thousands of Nights The Life and Times of Zero-Day Vulnerabilities and Their Exploits. [online] Available at: https://web.archive.org/web/20180720224154id_/https://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf [Accessed 10 Jun. 2024].
2. Adair, S. (2021) Operation Exchange Marauder: Active exploitation of multiple Zero-Day Microsoft Exchange vulnerabilities.
3. Adepu, S.; et al. (2019) 'Attacks on smart grid: power supply interruption and malicious power generation,' International Journal of Information Security, 19(2), pp. 189–211. [CrossRef]
4. Akello, N.B.O. (2024) 'Organizational information security threats: Status and challenges,' World Journal of Advanced Engineering Technology and Sciences, 11(1), pp. 148–162. [CrossRef]
5. Alferidah, D.K. and Jhanjhi, N. (2020) 'Cybersecurity Impact over Bigdata and IoT Growth,' 2020 International Conference on Computational Intelligence (ICCI) [Preprint]. [CrossRef]
6. Alkinani, M.H.; et al. (2021) '5G and IoT Based Reporting and Accident Detection (RAD) System to Deliver First Aid Box Using Unmanned Aerial Vehicle,' Sensors, 21(20), p. 6905. [CrossRef]
7. Ali, I., Jhanjhi, N. Z., Amsaad, F., & Razaque, A. (2022). The role of Cutting-Edge Technologies in Industry 4.0. Chapman and Hall/CRC eBooks, 10, 9781003203087-4.
8. Ashfaq F, Ghoniem RM, Jhanjhi NZ, Khan NA, Algarni AD. Using Dual Attention BiLSTM to Predict Vehicle Lane Changing Maneuvers on Highway Dataset. Systems. 2023; 11(4):196. [CrossRef]
9. Attaullah, M.; et al. (2022) 'Initial stage COVID-19 detection system based on patients’ symptoms and chest X-Ray images,' Applied Artificial Intelligence, 36(1). [CrossRef]
10. Azam, H. , Dulloo, M.I., Majeed, M.H., Wan, J.P.H., Xin, L.T. and Sindiramutty, S.R. (2023) 'Cybercrime Unmasked: Investigating cases and digital evidence,' International Journal of Emerging Multidisciplinaries. Computer Science and Artificial Intelligence, 2(1). [CrossRef]
11. Azam, H. , Dulloo, M.I., Majeed, M.H., Wan, J.P.H., Xin, L.T., Tajwar, M.A., et al. (2023) 'Defending the digital Frontier: IDPS and the battle against Cyber threat,' International Journal of Emerging Multidisciplinaries. Computer Science and Artificial Intelligence, 2(1). [CrossRef]
12. Azam, H. , Tajwar, M.A., et al. (2023) 'Innovations in Security: A study of cloud Computing and IoT,' International Journal of Emerging Multidisciplinaries. Computer Science and Artificial Intelligence, 2(1). [CrossRef]
13. Azeem, M.; et al. (2021) 'FOG-Oriented secure and lightweight data aggregation in IOMT,' IEEE Access, 9, pp. 11 1072–111082. [CrossRef]
14. Badyal, N. (2024) Scalable techniques for risk assessment of open-source libraries. [CrossRef]
15. Bilge, L. and Dumitraş, T. (2012) 'Before we knew it,': Proceedings of the 2012 ACM Conference on Computer and Communications Security [Preprint]. [CrossRef]
16. Bompos, K. (2020). Naval Postgraduate School Monterey, California Thesis Development Time Of Zero-Day Cyber Exploits In Support Of Offensive Cyber Operations.
17. Changsan, U. and Boonyopakorn, P. (2023) 'Log4shell Investigate Based On Generic Computer Forensic Investigation Model,' 2023 20th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON) [Preprint]. [CrossRef]
18. Chesti, I.A.; et al. (2020) 'Evolution, Mitigation, and Prevention of Ransomware,' 2020 2nd International Conference on Computer and Information Sciences (ICCIS) [Preprint]. [CrossRef]
19. Conti ransomware threat group adopts Log4j exploit to compromise VMware vCenter servers (no date). https://www.broadcom.com/support/security-center/protection-bulletin/conti-ransomware-threat-group-adopts-log4j-exploit-to-compromise-vmware-vcenter-servers.
20. Dell (2022) How to remove JndiLookup class from the log4j-2.x core jar file. https://www.dell.com/support/kbdoc/en-us/000194596/how-to-remove-jndilookup-class-from-the-log4j-2-x-core-jar-file.
21. Elmo, D. , II (2023) The Open Charge Point Protocol (OCPP) version 1.6 Cyber Range a training and testing platform. https://corescholar.libraries.wright.edu/etd_all/2788/.
22. en-us (no date). https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition.
23. Fadolalkarim, D. and Fadolalkarim, D. (2024) 'DCAFixer: an automatic tool for bug detection and repair for database Java client applications,' IEEE Transactions on Dependable and Secure Computing/IEEE Transactions on Dependable and Secure Computing, pp. 1–16. [CrossRef]
24. Fatima-Tuz-Zahra, N.; et al. (2020) 'Proposing a Hybrid RPL Protocol for Rank and Wormhole Attack Mitigation using Machine Learning,' 2020 2nd International Conference on Computer and Information Sciences (ICCIS) [Preprint]. [CrossRef]
25. Fidler, M. (2024) Zero progress on Zero days: How the last ten years created the modern spyware market. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4626426.
26. Fleury, M. and Reverbel, F. (2003) 'The JBoss extensible server,' in Lecture notes in computer science, pp. 344–373. [CrossRef]
27. GeeksforGeeks. (2020). Zero-day Exploit (Cyber Security Attack). [online] Available at: https://www.geeksforgeeks.org/zero-day-exploit-cyber-security-attack/.
28. Gill, S.H.; et al. (2022) 'Security and privacy aspects of cloud Computing: A Smart Campus case study,' Intelligent Automation and Soft Computing/Intelligent Automation & Soft Computing, 31(1), pp. 117–128. [CrossRef]
29. Goni, A. (2020) 'International Journal of Research and Scientific Innovation,' International Journal of Research and Scientific Innovation [Preprint]. [CrossRef]
30. Gopi, R.; et al. (2021) 'Enhanced method of ANN based model for detection of DDoS attacks on multimedia internet of things,' Multimedia Tools and Applications, 81(19), pp. 2 6739–26757. [CrossRef]
31. Gouda, W.; et al. (2022) 'Detection of COVID-19 based on chest x-rays using deep learning,' Healthcare, 10(2), p. 343. [CrossRef]
32. Grigutytė, M. and Grigutytė, M. (2024) Microsoft Exchange zero-day vulnerability explained. https://nordvpn.com/blog/microsoft-exchange-exploits/.
33. He, Y.; et al. (2022) 'A survey on Zero Trust architecture: Challenges and future trends,' Wireless Communications and Mobile Computing, 2022, pp. 1–13. [CrossRef]
34. Humayun, M.; et al. (2022) 'A Transfer Learning Approach with a Convolutional Neural Network for the Classification of Lung Carcinoma,' Healthcare, 10(6), p. 1058. [CrossRef]
35. Hurst, W. and Shone, N. (2024) 'Critical infrastructure security: Cyber-threats, legacy systems and weakening segmentation,' in Elsevier eBooks, pp. 265–286. [CrossRef]
36. Hussain, K.; et al. (2024) 'Threats and Vulnerabilities of Wireless Networks in the Internet of Things (IoT),' 2024 IEEE 1st Karachi Section Humanitarian Technology Conference (KHI-HTC) [Preprint]. [CrossRef]
37. Kaspersky (2018). What is Zero Day Exploit? [online] www.kaspersky.com. Available at: https://www.kaspersky.com/resource-center/definitions/zero-day-exploit.
38. Kumar, M.S.; et al. (2021) 'Blockchain based peer to peer communication in autonomous drone operation,' Energy Reports, 7, pp. 7925–7939. [CrossRef]
39. Lyu, M. , Gharakheili, H.H. and Sivaraman, V. (2024) 'A survey on Enterprise Network Security: asset behavioral monitoring and Distributed attack Detection,' IEEE Access, p. 1. [CrossRef]
40. M. Lim, A. M. Lim, A. Abdullah, N. Z. Jhanjhi, M. Khurram Khan and M. Supramaniam, "Link Prediction in Time-Evolving Criminal Network With Deep Reinforcement Learning Technique," in IEEE Access, vol. 7, pp. 184797-184807, 2019. [CrossRef]
41. Muhammad, Ibrahim, Humayun Mamoona, N. Z. Jhanjhi, and M. N. Talib. "Intelligent Computing and Innovation on Data Science." (2021): 425-434.
42. Möller, D.P.F. (2023) 'Threats and threat intelligence,' in Advances in information security, pp. 71–129. [CrossRef]
43. Msrc (2021) Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities | MSRC Blog | Microsoft Security Response Center.
44. Nair, D. and Mhavan, N. (2023) 'Augmenting Cybersecurity: A survey of intrusion detection systems in combating zero-day vulnerabilities,' in Contemporary studies in economic and financial analysis, pp. 129–153. [CrossRef]
45. Narang, S. (2021). CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065: Four Zero-Day vulnerabilities in Microsoft Exchange Server exploited in the Wild. https://www.tenable.com/blog/cve-2021-26855-cve-2021-26857-cve-2021-26858-cve-2021-27065-four-microsoft-exchange-server-zero-day-vulnerabilities.
46. Nathaniel, H. (2022) Defense Technical Information Center. https://apps.dtic.mil/sti/citations/trecms/AD1200567.
47. Nguyen, T.G.; et al. (2023) 'Multi-Granularity detector for vulnerability fixes,' IEEE Transactions on Software Engineering, 49(8), pp. 4035–4057. [CrossRef]
48. owasp.org. (n.d.). Fuzzing | OWASP. [online] Available at: https://owasp.org/www-community/Fuzzing#:~:text=A%20fuzzer%20is%20a%20program.
49. Pauley, E. , Barford, P. and McDaniel, P. (2023a) 'The CVE Wayback Machine: Measuring Coordinated Disclosure from Exploits against Two Years of Zero-Days,' ACM [Preprint]. [CrossRef]
50. Pratama, A. and Adi Rafrastara, F. (2012). Computer Worm Classification. International Journal of Computer Science and Information Security, [online] 10(4), pp.21–24. Available at: https://www.researchgate.net/publication/299580232_Computer_Worm_Classification.
51. Rains, T. (2020) Cybersecurity Threats, malware Trends, and Strategies, Packt Publishing eBooks. http://uh2.scholarvox.com/catalog/book/88897769.
52. Rhodes, C. and Bettany, A. (2016) Windows installation and update troubleshooting, Apress eBooks. [CrossRef]
53. Riegler, M.; et al. (2023) 'A model-based mode-switching framework based on security vulnerability scores,' Journal of Systems and Software/˜the œJournal of Systems and Software, 200, p. 11 1633. [CrossRef]
54. Riofrío, X. , Astudillo-Salinas, F., Tello-Oquendo, L. and Merchan-Lima, J. (2021). The Zero-day attack: Deployment and evolution. Latin-American Journal of Computing, [online] 8(1), pp.38–53. Available at: https://lajc.epn.edu.ec/index.php/LAJC/article/view/208/148 [Accessed 22 Apr. 2024].
55. Robinson, P. (2024) Microsoft Exchange Server attack: The Hafnium Breach. https://www.lepide.com/blog/the-hafnium-breach-microsoft-exchange-server-attack/.
56. Saurabh, K.; et al. (2024) 'HMS-IDS: threat intelligence integration for Zero-Day exploits and advanced persistent threats in IIoT,' Arabian Journal for Science and Engineering [Preprint]. [CrossRef]
57. Security, M. 365 and Intelligence, M.T. (2023) HAFNIUM targeting Exchange Servers with 0-day exploits.
58. Shah, I.A. , Jhanjhi, N.Z. and Laraib, A. (2022) 'Cybersecurity and blockchain usage in contemporary business,' in Advances in information security, privacy, and ethics book series, pp. 49–64. [CrossRef]
59. Shahine, M. (2023). CCleaner vs BleachBit: A Deep Dive. [online] Internet Safety Statistic.
60. Shandilya, S.K.; et al. (2024) 'Achieving Digital Resilience with Cybersecurity,' in EAI/Springer Innovations in Communication and Computing, pp. 43–123. [CrossRef]
61. Sharifonnasabi Fatemeh, Jhanjhi Noor Zaman, John Jacob, Obeidy Peyman, Band Shahab S., Alinejad-Rokny Hamid, Baz Mohammed, Hybrid HCNN-KNN Model Enhances Age Estimation Accuracy in Orthopantomography, Frontiers in Public Health, VOLUME 10, 2022, DOI=10.3389/fpubh.2022.879418.
62. Sindiramutty, S.R. (2024) 'Autonomous Threat Hunting: a future paradigm for AI-Driven Threat intelligence,' arXiv (Cornell University) [Preprint]. [CrossRef]
63. Sindiramutty, S. R. , Jhanjhi, N. Z., Tan, C. E., Khan, N. A., Shah, B., & Gaur, L. (2024). Securing the Digital Supply Chain Cyber Threats and Vulnerabilities. In N. Jhanjhi & I. Shah (Eds.), Cybersecurity Measures for Logistics Industry Framework (pp. 156-223). IGI Global. [CrossRef]
64. Sindiramutty, S.R.; et al. (2024) 'Cybersecurity measures for logistics industry,' in Advances in information security, privacy, and ethics book series, pp. 1–58. [CrossRef]
65. Singh, N. , Buyya, R. and Kim, H. (2024) 'Securing Cloud-Based Internet of Things: Challenges and mitigations,' arXiv (Cornell University) [Preprint]. [CrossRef]
66. Spafford, E. , Metcalf, L. and Dykstra, J. (2023) Cybersecurity myths and misconceptions: Avoiding the Hazards and Pitfalls That Derail Us. Addison-Wesley Professional.
67. Ray, S. K. , Sinha, R., & Ray, S. K. (2015, June). A smartphone-based post-disaster management mechanism using WiFi tethering. In 2015 IEEE 10th conference on industrial electronics and applications (ICIEA) (pp. 966-971). IEEE.
68. Ray, S. K., Pawlikowski, K., & Sirisena, H. (2009). A fast MAC-layer handover for an IEEE 802.16 e-based WMAN. In AccessNets: Third International Conference on Access Networks, AccessNets 2008, Las Vegas, NV, USA, October 15-17, 2008. Revised Papers 3 (pp. 102-117). Springer Berlin Heidelberg.
69. Tamayo, J. , López, L.I.B. and Caraguay, Á.L.V. (2024) 'Detection of distributed denial of service attacks carried out by botnets in Software-Defined networks,' arXiv (Cornell University) [Preprint]. [CrossRef]
70. Touré, A.; et al. (2024) 'A framework for detecting zero-day exploits in network flows,' Computer Networks, p. 11 0476. [CrossRef]
71. Wan, M.; et al. (2012) 'Locator/Identifier Separation: Comparison and analysis on the mitigation of worm propagation,' ˜the œInternational Journal of Computational Intelligence Systems/International Journal of Computational Intelligence Systems, 5(5), p. 868. [CrossRef]
72. Wang, Y.; et al. (2014) 'Modeling the Propagation of worms in networks: A survey,' IEEE Communications Surveys and Tutorials/IEEE Communications Surveys and Tutorials, 16(2), pp. 942–960. [CrossRef]
73. Wen, B.O.T.; et al. (2023) 'Detecting cyber threats with a Graph-Based NIDPS,' in Advances in logistics, operations, and management science book series, pp. 36–74. [CrossRef]
74. www.ibm.com. (n.d.). What is a Zero-Day Exploit? | IBM. [online] Available at: https://www.ibm.com/topics/zero-day#:~:text=A%20zero%2Dday%20exploit%20is.
75. Xu, G. and Meng, L. (2023) 'A novel algorithm for identifying influential nodes in complex networks based on local propagation probability model,' Chaos, Solitons & Fractals/Chaos, Solitons and Fractals, 168, p. 113155. [CrossRef]
76. Zerdoumi, S., Hashem, I.A.T. & Jhanjhi, N.Z. A new spatial spherical pattern model into interactive cartography pattern: multi-dimensional data via geostrategic cluster. Multimed Tools Appl 81, 22903–22952 (2022). [CrossRef]