Zero-day vulnerabilities are newly found flaws, typically discovered by an independent researcher or “bug bounty hunter” and then validated by the original developer of the software. The name means that the developer has had “zero days” to address the issue. The problem is that, by the time the developer learns of it, the vulnerability may already have been exploited by cybercriminals.
ANATOMY OF A ZERO-DAY ATTACK
Discovering and exploiting a previously unknown vulnerability is the ultimate prize for cybercriminals. To them, it means they are one step ahead of developers. The zero-day attack typically goes down like this:
- Identify vulnerabilities. Cybercriminals either test open-source code and proprietary applications for vulnerabilities themselves or purchase information on vulnerabilities that are not yet public.
- Create a kit, script, or process. Cybercriminals then build a kit, script, or process to exploit the newly discovered vulnerability.
- Identify vulnerable systems. The next step is to find an entry point into a system using automated scanners, bots, or manual probing.
- Plan the attack. The strategy and tactics in this plan depend greatly on the type of attack the cybercriminal wants to unleash.
- Infiltrate the system and launch the malicious code. The last step is to put the plan and malicious code into action. Unfortunately, it is not uncommon for all five of these steps to occur well before the software developers have discovered the vulnerability and released a patch.
RECENT EXAMPLES OF ZERO-DAY CYBERATTACKS
Preventing zero-day attacks is a significant challenge. They often arrive without warning and can wreak havoc on your systems until a patch is released. The best way to improve your security and reduce risk is to stay alert and learn from recent zero-day attacks.
- Microsoft. In 2020, Microsoft warned users about two separate vulnerabilities. Unfortunately, despite uncovering the vulnerabilities, Microsoft admitted that it was unable to immediately provide a security patch. Instead, these vulnerabilities left a door open for cybercriminals … and they took advantage of that opportunity. “The attacks targeted remote code execution (RCE) vulnerabilities in the Adobe Type Manager (ATM) library … the flaws in ATM enabled attackers to use malicious documents to remotely run scripts.”
- Internet Explorer. Microsoft’s legacy browser also fell victim to a zero-day scenario. In this case, the vulnerability affected Internet Explorer versions 9 through 11 and stemmed from a flaw in the way the scripting engine managed objects in memory. Attackers then used phishing to direct people to websites that intentionally exploited this flaw.
These are just three recent examples, but they are certainly not the only examples of zero-day vulnerabilities that cybercriminals exploited.
THE BEST WAY TO PROTECT YOUR BUSINESS
“No business can protect all its systems and SaaS applications against zero-day attacks, regardless of whether it is Office 365, G Suite, or Salesforce. The attacks are only going to get bigger and bolder, as experts believe the frequency of zero-day attacks will rise to one per day by 2021, as opposed to one per week in 2015.”
The inherent challenge with zero-day vulnerabilities is that they are, for all intents and purposes, unknown. The best way to protect yourself and your business is to keep an accurate inventory of all software and applications within your environment, stay informed about advisories affecting them, and apply security patches immediately. We strongly recommend subscribing to and closely monitoring a threat intelligence service/feed such as those found here.
Additionally, it is good long-term practice to adopt safe security habits, including hardening the security settings of your operating system, browser, and security software, and implementing network access controls.
Next-gen antivirus solutions, endpoint detection and response (EDR) solutions, and IP security can provide an extra layer of protection for your network.
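The advice above (keep an inventory, watch an advisory feed, patch immediately) is only actionable if the two are matched automatically. The following is an added example, not code from the original article or from any vendor: it takes a constructed software inventory and a constructed advisory feed, checks each installed version against the affected range, and ranks findings so that an actively exploited flaw with no fix yet (the true zero-day case) surfaces first. The advisory identifiers, product names, hosts and version numbers are all made up for illustration; a real feed would be parsed from the vendor's or threat-intelligence provider's format instead.

```python
"""Match a software inventory against an advisory feed and rank unpatched assets.

Added example. INVENTORY and ADVISORIES are constructed sample data, not real
hosts or real advisories; the field names are an assumed, simplified schema.
"""
import re
from dataclasses import dataclass

# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("web-01", "ExampleSuite", "9.4.2"),
    ("web-02", "ExampleSuite", "9.5.0"),
    ("mail-01", "ExampleMTA", "3.1.7"),
    ("ws-117", "ExampleBrowser", "11.0.3"),
]

# Constructed advisory feed. affected_from is inclusive, fixed_in is the first
# safe version (exclusive); fixed_in=None means the vendor has no patch yet.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-001", "product": "ExampleSuite",
     "affected_from": "9.0.0", "fixed_in": "9.5.0", "exploited_in_wild": True},
    {"id": "ADV-EXAMPLE-002", "product": "ExampleBrowser",
     "affected_from": "9.0.0", "fixed_in": None, "exploited_in_wild": True},
    {"id": "ADV-EXAMPLE-003", "product": "ExampleMTA",
     "affected_from": "3.0.0", "fixed_in": "3.1.5", "exploited_in_wild": False},
]


def parse_version(text):
    """Turn '9.4.2' into (9, 4, 2) so versions compare numerically, not as strings.

    Comparing '10.0' < '9.9' as strings is a classic inventory bug; tuples fix it.
    """
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(version, advisory):
    """True if the installed version falls inside the advisory's affected range."""
    installed = parse_version(version)
    if installed < parse_version(advisory["affected_from"]):
        return False
    fixed = advisory["fixed_in"]
    # No fix published: everything from affected_from onward is still exposed.
    return fixed is None or installed < parse_version(fixed)


@dataclass(frozen=True)
class Finding:
    host: str
    product: str
    version: str
    advisory: str
    priority: str   # "critical", "high" or "medium"
    action: str


def prioritise(advisory):
    """Rank by what the defender can actually do right now."""
    if advisory["fixed_in"] is None:
        return "critical", "no patch available: apply vendor mitigations, restrict exposure, monitor"
    if advisory["exploited_in_wild"]:
        return "high", f"patch to {advisory['fixed_in']} immediately"
    return "medium", f"patch to {advisory['fixed_in']} in the next maintenance window"


def match(inventory=INVENTORY, advisories=ADVISORIES):
    """Return findings for every (host, advisory) pair that is still unpatched, most urgent first."""
    findings = []
    for host, product, version in inventory:
        for adv in advisories:
            if adv["product"] == product and is_affected(version, adv):
                priority, action = prioritise(adv)
                findings.append(Finding(host, product, version, adv["id"], priority, action))
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: order[f.priority])


if __name__ == "__main__":
    for f in match():
        print(f"[{f.priority.upper():8}] {f.host} {f.product} {f.version} {f.advisory}: {f.action}")
```

On the constructed data this reports ws-117 first (browser flaw exploited in the wild with no fix, so only mitigation and monitoring are possible) and web-01 second (patch available, exploitation known); web-02 and mail-01 are already on fixed versions and produce nothing. The same structure works for a real feed once the parsing of the vendor's format replaces the hard-coded list.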