Everything you need to know about zero-day attacks

You can secure your networks and data with firewalls and antivirus software, but you could still be at risk. That’s because even if previously successful malware attacks and brute-force methods don’t work, hackers will exploit a software, hardware, or firmware flaw that has yet to be discovered or secured by manufacturers and antivirus companies. These are known as zero-day attacks, and they’re far more dangerous than the average cyberthreat.

What is a zero-day attack?

A zero-day vulnerability is a software bug that is not yet publicly known and has therefore not been patched. The term ‘zero-day’ reflects that developers have had zero days to prepare a fix by the time the flaw becomes known or is first exploited, that is, on day ‘zero’.

When a zero-day attack occurs, it is usually because hackers discovered the bug well before developers were even aware of it. By the time the flaw is found and patched, hackers may have already inflicted plenty of damage. Some companies may need up to a week to patch critical flaws, giving hackers quite a bit of time to infect computers worldwide.

Each zero-day attack is different, but they’re typically used to spread computer viruses, worms, ransomware, and many other kinds of malicious programs.

Why are they so dangerous?

Zero-day attacks are dangerous because there are no patches or known ‘threat signatures’ that would allow firewalls and antivirus software to detect them. If the attack delivers malware that enables remote control over a computer or server, hackers can easily infiltrate a company’s network to steal data and wreak havoc.

Instances of zero-day threats have increased dramatically over the years. According to a recent threat intelligence report, there were 214 unique zero-day attacks in 2017, while only 54 were found in 2015. The threats affected major device manufacturers and industry-leading software developers like Microsoft, Apple, and Google, and since most companies roll out new programs at a breakneck pace, more zero-day attacks will likely occur throughout the year.

What’s worse, exploit code for zero-day vulnerabilities is also sold on the dark web, which means any sufficiently motivated criminal group can buy the tools to launch a major zero-day attack.

How do developers deal with zero-days?

Zero-day attacks are such a huge issue that tech companies reward responsible, ‘white-hat’ hackers who identify bugs and report their findings. Microsoft, for instance, offers $250,000 to anyone who reports a major zero-day vulnerability.

How do you protect your business?

As mentioned, firewalls and antivirus software can only protect you from known threats. The best defense against zero-day attacks is a multi-layered security strategy that involves:

  • Installing an intrusion prevention system – An IPS uses anomaly-based detection to monitor network traffic for suspicious behaviour, which can flag even obscure malware strains that have no known signature.
  • Updating software – It’s good to get in the habit of patching software as soon as updates are released. Even if a patch doesn’t address a zero-day issue directly, installing security patches reduces your exposure to other attacks and makes it harder for hackers to damage your computer. Patch management tools are a great way to stay on top of software updates.
  • Adopting security best practices – Employees should be trained never to click on suspicious links and always to be careful with email attachments and free software, even if they appear to come from a trustworthy source. You should also consider web and email filtering tools to reduce the likelihood that you and your employees ever encounter harmful programs.
  • Removing unused apps – Another way to reduce your exposure to zero-day attacks is simply to remove programs you don’t use. Chances are they haven’t been updated in a while and may have glaring flaws that put your entire network at risk.
  • Blocking network access – If just one user’s device has been infected with malware, the infection can spread to the entire network. When this happens, you should shut off all network connections to that device to prevent the malware from spreading further.

If you don’t know where to find the security tools and expertise to keep zero-days at bay, Empower IT Solutions has everything your Australian business needs. We’ve partnered with leading tech companies like Microsoft, Sophos, and ESET to provide you with comprehensive intrusion prevention systems, patch management tools, and antivirus software. We also offer proactive IT maintenance to ensure the safety of your computer systems. Call us now.