A Guide to Understanding Zero-day Attacks

A zero-day exploit targets a flaw that resides in software, hardware or firmware, and it is one of the toughest types of attacks to detect and prevent. While zero-day attacks are one of the lesser-known types of cybersecurity attacks, they are more common than you may think.

“Nearly one out of three malware attacks is a zero-day attack that cannot be detected by traditional antivirus programs, and over nine out of every ten malware threats makes its way into an organization because of a compromised file downloaded from email.”

What is a Zero-day Attack?

A zero-day attack is defined by the window between the discovery of an unpatched vulnerability and the attack that exploits it. Day zero is the day the target of the attack learns of the exploit and begins working on a fix. From that point on, it is a race for the target to patch the vulnerability before the attack takes full effect.

Put simply, attackers look for vulnerabilities in your systems, such as unpatched software, and exploit that opportunity. Zero-day exploits may take the form of malware, viruses, polymorphic worms or trojans. Hackers may also post the exploits on the dark web, where they are bought, sold or traded.

The Cost

In some cases, financial gain is sought. In other cases, confidential corporate data is sold on the dark web or public file-sharing websites. Either way, your team spends time troubleshooting the problem while a negative public relations storm ensues as a result of your data breach.

One zero-day exploit was listed for sale on the dark web for $90,000 by cybercriminals. The vulnerability “was believed to be able to affect machines running any form of Windows, which could have impacted millions.” Then there is the iOS one-click jailbreak that was up for sale for $1.5 million by exploit broker Zerodium.

In order to better understand zero-day attacks, let’s examine a few examples that occurred in recent years.

Examples of Zero-day Attacks

One of the most famous zero-day attacks was the Stuxnet worm, whose malicious code sat idle on infected machines for a period of time. Eventually, the full-scale attack was launched, which sped up and destroyed several sensor-equipped centrifuges in Iran’s nuclear power plant.

Back in 2011, attackers went after RSA, a security vendor, by using an unpatched vulnerability in Adobe Flash Player. Emails carrying Excel file attachments triggered an embedded Flash file, and customer data was stolen, including information used by RSA customers in their SecurID security tokens.

The Sony hack is another famous example of a zero-day attack. A team of hackers, known as the Guardians of Peace, took down Sony’s network. Sensitive corporate data, including films, emails and contracts, was released on public file-sharing websites. While money wasn’t the motive, the attackers did affect the release of the Sony film “The Interview.”

Another widely reported zero-day attack was the DNC (Democratic National Committee) hack. In this case, “there were at least six zero-day vulnerabilities that were exploited to gain access to stolen data.” The vulnerabilities were discovered in Microsoft Windows, Adobe Flash and Java and were exploited by a well-planned spear-phishing attack that targeted specific individuals.

8 Ways to Prevent a Zero-day Attack

  1. Patch and update
    Apply patches to servers, systems and networks as soon as they are available. Never let patches sit unapplied for an extended period of time; every day of delay keeps a known flaw open in your systems. Companies should also factor zero-day attacks into patch management policies and overall cybersecurity policies and procedures.

  2. Use multiple layers of security
    Don’t just depend on patches and device security to prevent zero-day attacks. There’s more work to be done. Use firewalls or AI-based intrusion detection systems that filter out malicious traffic or network activities. Also, utilize sandboxes to quarantine suspicious files or as working environments.

  3. Restrict the use of open-source software
    By restricting the use of, and securing, your open-source software, zero-day attacks can be better prevented. Be sure to keep track of open-source software usage across your organization and update it as often as the issuing project requires. This helps to ensure that exploitable vulnerabilities are present less often.

  4. Use virtual local area networks
    By segregating areas of the network with dedicated physical or virtual network segments, otherwise known as VLANs (Virtual Local Area Networks), you can isolate sensitive traffic that flows between servers. VLANs make it possible for network administrators to partition a switched network to match your own needs.

  5. Secure email gateways, servers and networks
    Secure these equally as zero-day attacks can present themselves to various parts of an organization. Whether the hackers seek to deploy malware or deliver payloads, it’s important to consider every potential impact in order to prevent a zero-day exploit from launching. Also, implement IPsec to apply encryption and authentication to network traffic.

  6. Change all default passwords
    Most IoT devices come with default passwords, which are easy for humans to guess. Additionally, “default passwords are easy targets for automated attacks that scan the internet for devices with default credentials, and it should also reduce the risk of an organization falling victim to brute-force attacks.”

  7. Regularly practice cybersecurity
    Cybersecurity efforts should be an ongoing part of your efforts to secure your network and data. Promote a culture of awareness when it comes to cybersecurity and how users might get lured via a phishing attack, as an example. Educate employees regularly on the dangers lurking and how they can help protect your company’s data.

  8. Have a disaster recovery strategy
    If you are affected by a zero-day attack, it’s imperative to have a disaster recovery plan in place. This will allow you to mitigate the damage if an attack occurs. Utilize a combination of on and off-site storage for backing up your data.
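The patch window described under "What is a Zero-day Attack?" and items 1 and 3 above can be measured rather than guessed at. The following is an added example, not code from the original article: a small patch-exposure tracker that compares a software inventory against known advisories and reports how long each fix has been available but unapplied. All hosts, components, versions, dates and advisory ids in it are constructed sample data, and the 14-day deadline is an assumed policy.

```python
# Added example, not from the original article: a small patch-exposure tracker
# applying items 1 and 3 above. For each component in a software inventory it
# finds advisories whose fix is newer than the installed version, reports how
# many days the fix has been public but unapplied, and lists anything at or
# past a patch deadline first. All hosts, components, versions, dates and
# advisory ids below are constructed sample data, not real identifiers.
from datetime import date


def parse_version(text):
    """Turn '2.4.51' into (2, 4, 51) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def exposure_report(inventory, advisories, today, max_days):
    """Return (host, component, advisory_id, days_exposed) for each installed
    component older than an advisory's fix; overdue entries (>= max_days) first."""
    findings = []
    for host, component, version in inventory:
        installed = parse_version(version)
        for adv_component, fixed_version, fix_released, advisory_id in advisories:
            if adv_component == component and installed < parse_version(fixed_version):
                days = max((today - fix_released).days, 0)  # fix public, not applied
                findings.append((host, component, advisory_id, days))
    findings.sort(key=lambda f: (f[3] < max_days, -f[3]))  # overdue, then longest
    return findings


# Constructed sample inventory: (host, component, installed version)
INVENTORY = [
    ("web-01", "webserver", "2.4.49"),
    ("web-02", "webserver", "2.4.51"),
    ("app-01", "jsonlib", "1.8.0"),
    ("app-01", "webserver", "2.4.49"),
]

# Constructed advisories: (component, fixed version, fix date, placeholder id)
ADVISORIES = [
    ("webserver", "2.4.51", date(2024, 1, 10), "ADV-0001"),
    ("jsonlib", "1.9.2", date(2024, 3, 1), "ADV-0002"),
]


def demo_report(today=date(2024, 3, 15), max_days=14):
    """Run the tracker over the constructed data; max_days is the assumed
    patch deadline after which an unapplied fix counts as overdue."""
    return exposure_report(INVENTORY, ADVISORIES, today, max_days)
```

Calling demo_report() lists the two unpatched web servers first (their fix has been public for 65 days) followed by the application host's outdated library; a real deployment would feed the inventory from an asset database and the advisories from vendor or open-source project feeds.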

As with most types of cybersecurity attacks, hackers are becoming more adept at deploying and launching zero-day attacks. By applying the techniques above, you will increase your chances of staving off a zero-day attack. However, it’s important to stay constantly vigilant when it comes to your cybersecurity.