Everything you need to know about zero-day attacks

You can secure your networks and data with firewalls and antivirus software, but you could still be at risk. That’s because even if previously successful malware attacks and brute-force methods don’t work, hackers can still exploit a software, hardware, or firmware flaw that has yet to be discovered or secured by manufacturers or antivirus companies. These are known as zero-day attacks, and they’re far more dangerous than the average cyberthreat.

What is a zero-day attack?

A zero-day vulnerability is a software bug unknown to its developers and therefore still unpatched. The term ‘zero-day’ means developers have had zero days to prepare a fix when the bug first comes to light: it becomes exploitable on day ‘zero’.

When a zero-day attack occurs, it is usually because hackers have discovered these bugs well before developers are even aware of them. By the time they’re found and patched, hackers may have already inflicted plenty of damage. Some companies may need up to a week to patch critical flaws, giving hackers quite a bit of time to infect computers worldwide.

Each zero-day attack is different, but they’re typically used to spread:

  • computer viruses,
  • worms,
  • ransomware, and
  • many other kinds of malicious programs.

Why are they so dangerous?

Zero-day attacks are dangerous because there are no patches or pre-recorded ‘threat signatures’ for them, and it is these signatures that allow firewalls and antivirus software to detect known threats. If a zero-day attack delivers malware that enables remote control over a computer or server, hackers can easily infiltrate a company’s network to steal data and wreak havoc.

Instances of zero-day threats have increased dramatically over the years. According to a recent threat intelligence report, there were 214 unique zero-day attacks in 2017. This is a huge increase from a 2015 report where only 54 were found. The threats affected major device manufacturers and industry-leading software developers like Microsoft, Apple, and Google. Since most companies roll out new programs at a breakneck pace, more zero-day attacks will likely occur throughout the year.

Worse still, exploit code for zero-day vulnerabilities is sold on the dark web. This means that any sufficiently motivated criminal group can acquire the tools to launch a major zero-day attack.

How do developers deal with zero-days?

Zero-day attacks are such a huge issue that tech companies reward responsible, ‘white-hat’ hackers who identify bugs and report their findings. Microsoft, for instance, offers $250,000 to anyone who reports a major zero-day vulnerability.

How do you protect your business?

As mentioned, firewalls and antivirus software can only protect you from known threats. The best defence against zero-day attacks is a multi-layered security strategy that involves:

Installing an intrusion prevention system

An IPS uses anomaly-based detection to monitor network traffic for suspicious behaviour rather than relying on known signatures alone. This allows it to flag even obscure malware strains that no signature database has recorded yet.
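The difference between signature matching and anomaly-based detection, shown as an added illustration that is not part of the original article: the flow records, host names, blocklist and the 3-sigma threshold are all constructed, and a real IPS would profile far more attributes than destination, port and byte volume.

```python
import statistics
from collections import defaultdict

# Constructed baseline traffic for one workstation: (host, destination, port, bytes_out)
BASELINE_FLOWS = [
    ("pc-01", "mail.example", 443, 12000), ("pc-01", "mail.example", 443, 15000),
    ("pc-01", "files.example", 445, 30000), ("pc-01", "files.example", 445, 28000),
    ("pc-01", "mail.example", 443, 13000), ("pc-01", "files.example", 445, 31000),
]
# Constructed blocklist standing in for a firewall/AV signature feed: only
# indicators that have already been seen and recorded appear here.
KNOWN_BAD_DESTINATIONS = {"known-bad.example"}

def signature_match(flow):
    """Signature-based check: a flow is flagged only if its destination is already listed."""
    return flow[1] in KNOWN_BAD_DESTINATIONS

def build_baseline(flows):
    """Per-host profile: (destination, port) pairs seen and outbound byte-volume mean/stdev."""
    seen, volumes = defaultdict(set), defaultdict(list)
    for host, dest, port, nbytes in flows:
        seen[host].add((dest, port))
        volumes[host].append(nbytes)
    return {h: {"seen": seen[h], "mean": statistics.mean(volumes[h]),
                "stdev": statistics.pstdev(volumes[h])} for h in seen}

def anomaly_score(flow, baseline):
    """Anomaly-based check: list the ways a flow deviates from its host's learned profile."""
    host, dest, port, nbytes = flow
    profile = baseline.get(host)
    if profile is None:
        return ["unknown host"]
    reasons = []
    if (dest, port) not in profile["seen"]:
        reasons.append("new destination/port")
    # Constructed threshold: more than 3 standard deviations above the host's usual volume
    if profile["stdev"] and (nbytes - profile["mean"]) / profile["stdev"] > 3:
        reasons.append("byte volume > 3 sigma")
    return reasons

def classify(flows, baseline):
    """Run both detectors over a batch of flows so their verdicts can be compared side by side."""
    return [{"flow": f, "signature": signature_match(f), "anomaly": anomaly_score(f, baseline)}
            for f in flows]

if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    # A never-before-seen destination with a large upload: no signature exists, so only
    # the anomaly detector raises it. The routine mail flow passes both checks.
    for verdict in classify([("pc-01", "mail.example", 443, 14000),
                             ("pc-01", "c2-host.example", 8443, 250000)], base):
        print(verdict)
```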

Updating software

It’s good to get in the habit of patching software as soon as updates are released, even if a given patch doesn’t address a zero-day issue directly. Installing security patches reduces your exposure to other attacks and makes it harder for hackers to damage your computer. Patch management tools are a great way to stay on top of software updates.

Adopting security best practices

Employees should be trained to never click on suspicious links and to always be careful with email attachments and free software, even when these appear to come from a trustworthy source. You should also consider web and email filtering tools to reduce the likelihood that you and your employees ever encounter harmful programs.

Removing unused apps

Another way to reduce your exposure to zero-day attacks is to simply remove programs you don’t use. Chances are, they haven’t been updated in a while and may have glaring flaws that can put your entire network at risk.

Blocking network access

If just one user’s device has been infected with malware, the infection can spread to the entire network. When this happens, you should shut off the affected network connections to prevent the malware from spreading further.

Empower IT Solutions can help your Australian business find the security tools and the expertise to keep zero-days at bay. We partner with leading tech companies like Microsoft, Sophos, and ESET to provide you with:

  • comprehensive intrusion prevention systems,
  • patch management tools,
  • antivirus software, and
  • proactive IT maintenance.

Our goal is to ensure the safety of your computer systems. Give us a call.