Zero-day attacks… an almost-menacing, militant-sounding term.
Zero-day attacks (or zero-day exploits) are actually cyberattacks that take advantage of previously-unknown vulnerabilities in software. Zero-days are called so because the vulnerabilities are exploited before a patch is available, leaving developers zero days to fix the problem.
The Race is On
There is always a period of vulnerability when new technologies are released. If developers find the flaw first, they will often keep it quiet until they’ve created a patch to fix it.
However, security teams sometimes have to announce it publicly to help users avoid the issue (not opening an email attachment, not visiting a rogue website, etc.), or a user may be the first to find a vulnerability and post it on online forums, blogs, social media, etc.
If the latter is the case, the race is on. The vendor or security team will race to create a patch while the hackers will race to create malware and exploit the vulnerability before it’s closed. If the hackers prevail, that’s when a zero-day attack happens.
Once a patch is created to stop the cyber-bleed, the exploit is no longer a zero-day attack.
What Happens if the Hackers Win the Race?
Hackers who discover vulnerabilities in new software may keep it to themselves and capitalize on the security flaw. However, they may do something even more malicious – sell the malware to markets on the dark web that includes other hackers, crime syndicates, even foreign governments. Sellers have been known to fetch hundreds of thousands of dollars for their malware.
Purchasers, including governments, can then reverse engineer the exploit code to create a mutated version – a new cyberweapon that can be used to attack the original software that is not patched or similar software that is unprepared for an attack.
Are Zero-Day Attacks Common?
Unfortunately, they are becoming more and more prevalent.
According to Cybersecurity Ventures, “newly reported zero-day exploits will rise from one-per-week in 2015 to one-per-day by 2021.”
But in the more immediate future, expect to see more than ever zero-day vulnerabilities in commercial software – even from the big players like Adobe and Apple. Zero Day Initiative reports, “135 vulnerabilities were discovered in Adobe products during the first 11 months of 2016 and 76 in Microsoft products. Meanwhile, the number of zero-day flaws in Apple products doubled over the previous year, to 50 from 25.”
If the trends continue – and experts agree they will – we can only expect to see these numbers rise.
Examples of Zero-Day Attacks
• The 2014 cyber attack on Sony Pictures was a politically-motivated exploit that resulted in the release of sensitive information on public file-sharing sites including four unreleased movies, business plans, contracts, and personal emails belonging to top Sony executives.
• The 2016 Russian cyber attack on the Democratic National Committee was an extremely widely-reported attack. Spear phishing emails containing malicious links targeted employees of the DNC to gain access to their computers. It’s been reported the attacks were an attempt to interfere in and affect the outcome of the US election.
• In June 2016, a Russian cybercriminal, identified as “BuggiCorp,” sold malware on the dark web for $90,000 that could affect computers running any form of Windows including Windows 2000 up to Windows 10. The malware had the capability of attacking more than 1.5 billion Windows users.
Protecting Yourself from Zero-Day Attacks
• Stay current on industry news – read relevant publications and websites to alert yourself to software vulnerabilities and the creation of patches to eliminate them.
• Keep software and security patches up to date. This includes downloading the latest software releases and updates (yes, we know those reminders can be annoying, but more harm than good will come from ignoring them!), installing security patches, and fixing glitches in older software.
• Establish personal security best practices for your at-home devices, and for employees who use company computers.
• Create a fully-aligned security strategy; including implementing protocols and configuring settings for your operating system, internet browser and security software.
• Install proactive and comprehensive security solutions that alert to vulnerabilities and detect threats from known and unknown sources.