Zero-day attacks are becoming an increasingly popular method for attackers to cause disruption, and that’s why prevention is a must. We discuss zero-day attacks in depth and how to protect your business from this growing threat vector.
What are zero-day attacks?
When security vulnerabilities and flaws are found in software or operating systems, it becomes payday for cyber criminals. They exploit the fact that patches aren’t yet in place, but they have to work right away – hence the term ‘zero-day’.
How they work
Stage 1 – Vulnerability introduced
A developer releases software that unintentionally contains vulnerabilities.
Stage 2 – Vulnerability discovered by attackers
Cyber criminals become aware of the vulnerability and begin working on ways to exploit it.
Stage 3 – Vulnerability discovered by vendor
At this point the vendor knows about the vulnerability but the patch is yet to be made available. After this the vendor or researchers will make this public knowledge.
Stage 4 – Antivirus signatures released
In the case of zero-day malware, anti-virus vendors can recognise its signature and protect against it. However, there may be alternative ways of exploiting the vulnerability, leaving systems still exposed.
Stage 5 – Patch released and deployed
Depending on the severity of the vulnerability, the vendor will release a patch in due course. Even once the patch is available, it can take a long time to deploy. Factors such as not having the right resources in place can affect the time it takes to fix the flaw.
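The five stages above can be turned into a per-asset exposure measurement. The following is an added example, not part of the original article: it splits each asset's exposure into the phases between stages and lists assets whose patch deployment lags behind a target. The dates, asset names and the 14-day target are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class VulnTimeline:
    introduced: date           # Stage 1: flaw ships in the software
    attacker_discovery: date   # Stage 2: attackers find it
    vendor_discovery: date     # Stage 3: vendor becomes aware
    signatures_released: date  # Stage 4: AV signatures available
    patch_released: date       # Stage 5: patch available (not yet deployed)

def exposure_windows(t: VulnTimeline, patch_deployed: Optional[date], today: date) -> dict:
    """Days one asset spent in each exposure phase. Unpatched assets count up to today."""
    end = patch_deployed or today
    def span(start: date, stop: date) -> int:
        return max((min(stop, end) - start).days, 0)
    return {
        "unknown_to_vendor": span(t.attacker_discovery, t.vendor_discovery),
        "no_signature": span(t.vendor_discovery, t.signatures_released),
        # Signatures cover known malware only; other exploitation paths stay open.
        "signature_only": span(t.signatures_released, t.patch_released),
        "patch_lag": span(t.patch_released, end),
        "total": span(t.attacker_discovery, end),
    }

def overdue(t: VulnTimeline, assets: dict, today: date, target_days: int) -> list:
    """Asset names whose patch lag exceeds target_days, worst first."""
    lag = {name: exposure_windows(t, d, today)["patch_lag"] for name, d in assets.items()}
    return sorted((n for n in lag if lag[n] > target_days), key=lambda n: -lag[n])

# Constructed sample data (not from any real incident).
TIMELINE = VulnTimeline(date(2023, 1, 10), date(2023, 3, 1), date(2023, 3, 15),
                        date(2023, 3, 20), date(2023, 4, 4))
ASSETS = {"web-01": date(2023, 4, 6),         # patched two days after release
          "hr-laptop-17": date(2023, 5, 30),  # patched late
          "legacy-erp": None}                 # still unpatched
TODAY = date(2023, 6, 30)

if __name__ == "__main__":
    for name, deployed in ASSETS.items():
        print(name, exposure_windows(TIMELINE, deployed, TODAY))
    print("over 14-day target:", overdue(TIMELINE, ASSETS, TODAY, 14))
```

The first three phases are outside the defender's control; only patch_lag differs between assets, which is why deployment speed dominates total exposure.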
High-profile zero-day attack examples
Sony Pictures were a target of a devastating zero-day attack back in 2014. Clear details of the vulnerability exploited are still unknown, but the attack crashed their network. The hackers also released the following sensitive information:
• Personal information about Sony employees
• Internal correspondence
• Information on executive salaries
• Unreleased Sony films
Back in 2011, RSA revealed that their security was hacked due to a (then unknown) unpatched vulnerability in Adobe Flash Player. The hackers gained access to the RSA network by sending employees emails with Excel attachments which activated a Flash file exploiting the zero-day Flash vulnerability. The attack resulted in the cyber criminals extracting information about RSA’s SecurID, a two-factor authentication product used to secure banking transactions and network access.
How to prevent zero-day attacks
To mitigate security risks, your business can carry out regular and consistent vulnerability testing to detect any weaknesses in your systems. When vulnerabilities are found, you should work on patching immediately to prevent an exploit. By doing so, you’ll be one step ahead of the game by eradicating any opportunities that hackers may use to launch zero-day attacks.
Although patch management can’t technically prevent zero-day attacks, it can dramatically reduce the exposure of your systems. Keeping up with regular patching also makes it more challenging for cyber criminals to succeed: they may require additional vulnerabilities in the intended target to carry out a successful attack.
By regularly performing software updates, you’ll have the latest features and be up to date with any critical patches that can fix any security holes. Avoiding software updates will leave your systems vulnerable and more prone to any infections that could be fixed with new updates.
What technologies can my business implement for further protection?
Beyond these approaches to preventing zero-day attacks, there are further measures that all businesses should take to prepare for and reduce threats.
Web Application Firewall
One of the most effective ways to prevent zero-day attacks is by using a robust web application firewall. This ensures that all incoming traffic to web applications is tracked, and any malicious traffic that targets vulnerabilities is filtered out.
Advanced Malware Prevention
Malware continues to bypass existing and traditional defences, and it is constantly evolving in sophistication. Consider investing in an advanced malware prevention solution that targets zero-day attacks, advanced persistent threats, and advanced malware using multi-layer threat prevention.
Endpoint Detection and Response
Basic security like anti-virus just doesn’t cut it anymore. With attackers getting more clever and finding new ways to target businesses, it’s imperative for all businesses to keep up and implement additional measures to combat attacks. Some attackers may install malicious bots and trojans, so you should look to invest in an effective Endpoint Detection and Response (EDR) solution which will work to prevent, detect and respond to unknown and advanced threats in real time.
Zero-day attacks are on the rise, so prevention is something all businesses need to be looking into. Looking to find out more information? Get in touch with our cyber security experts today.