fbpx
September 12, 2023
by Mary Grlic
aruba

Zero day attacks: What they are & how best to avoid them

What are Zero-Day Attacks? Zero-Day attacks, which we could compare to the saying: “Any day now,” involves hackers who try to take advantage of these sorts of vulnerabilities to perform…...
"

Start reading

What are Zero-Day Attacks?

Zero-Day attacks, which we could compare to the saying: “Any day now,” involves hackers who try to take advantage of these sorts of vulnerabilities to perform a cyberattack on a system. When a hacker exploits a zero-day vulnerability and successfully deploys some sort of malware on a system or device, it then becomes known as a “zero-day attack.” This is no new phenomenon: hackers will always try to take advantage of weaknesses within a network, especially if they’ve found one that no one else seems to know anything about.

Why is it called “Zero Day?” It refers to the amount of time that developers have to address the vulnerabilities within the system. These attacks are scary because they happen so quickly, before developers have caught the flaw in their own system. Sometimes, they’re called “zero days” for short.

What is a Zero-Day Attack? Prevention & Protection❓ 

Zero Day attacks can affect different types of hardware or software, and unfortunately, can be quite common. Google’s popular web browser Chrome has already seen three Zero-Day attacks in 2023 alone. Back in 2021, they saw 14 zero days, which was almost double from the year before (they had 8 attacks in 2020). Meanwhile, in 2019, they only found 2. It’s certainly comforting that the numbers have fallen this year but as you can see, even major corporations can make mistakes.

How it Happens

Developers will create an application, software, or a piece of technology which goes through testing to prepare it for use. However, this development contains a zero day vulnerability that the creators are unaware of. Once the system is live, a hacker might discover said vulnerability in the system, which they will then take advantage of. They will write and execute malicious code to exploit the vulnerability in the system. After that, it  becomes clear that the system is at risk but the severity of the threat can vary. The hope is that the general public, researchers, or developers will notice a problem in the device or software before this ever happens, and work to resolve it as quickly as possible.

Who Do Zero Day Attacks Target?

Zero day attacks can exploit any sort of industry, company, or individual. Typically, hackers who favor these types of attacks will seek out government agencies, large organizations, web browsers, Internet of Things (IoT) devices, and others. These are all high-volume, high-powered systems that a lot of businesses utilize. Hackers see them as a good target for that reason. For example, zero-days have affected huge, reputable companies like Apple, Google, Microsoft, and Samsung—just to name a few. 

Apple iOS/macOS

Apple’s iPhone Operating System (iOS) has fallen victim to attacks since 2019, according to Kaspersky, a developer of cybersecurity products. Bleeping Computer reported that some iPhones got infected with, “spyware via iMessage zero-click exploits that exploited iOS zero-day bugs.” There were also zero-days in the iMac OS. Apple addressed these vulnerabilities with new updates to the OS. Since the start of 2023, Apple has seen and patched nine zero-days.

Google Chrome 

Chrome has gotten its fair share of zero-days too. In 2021, for example, the web browser suffered from zero-day threats, which were due to a bug in the JavaScript engine. That was just one of 14 exploits throughout the whole year. A graph below from Security Week shows that Chrome didn’t see exploits before 2019 but researchers say that doesn’t mean that there were none. In more recent years, companies have become more transparent about sharing zero-day data to better educate the public. Also, the deprecation of Flash might play a factor, as the use of Google Chrome rose at that point, leading to more risks.

Google Attempts to Explain Surge in Chrome Zero-Day Exploitation | Source: SecurityWeek

Windows

In April 2023, Microsoft patched a Windows zero-day bug that was used in ransomware attacks. The company said in a security alert that there was an attacker who exploited a vulnerability in the Windows Common Log File Systems (CLFS), which would give them full access to an unpatched system. Microsoft immediately went on the case to research and resolve the issue.

Samsung

Project Zero, which is Google’s zero-day exploit research team, found 18 vulnerabilities in Samsung’s Exynos chipsets. These flaws were reported between late 2022 and early 2023, with four of them being classified as the most serious. The Exynos chips were a piece of hardware used in mobile devices, wearables (i.e., smart watches), and cars. 

Source: Köf3, CC BY-SA 3.0 via Wikimedia Commons

How are Zero-Day Attacks Delivered?

Hackers can try to deliver a zero-day exploit to their target through common methods of social engineering, like spam, phishing, and malvertising. A threat actor can send a suspicious link or attachment through an email to trick a victim into clicking on it and deploying malware onto their device. Malvertising is similar, in ads that look legitimate actually aren’t, and when clicked can deploy malicious software. Hackers could also simply just use unauthorized access to deliver the attack to their target. This could be through a brute force attack or another exploit that takes advantage of the vulnerabilities within the system.

Some Famous Zero-Day Attacks

Stuxnet

This is one of the most famous examples of a zero-day attack, where a malicious computer worm targeted the manufacturing industry in various countries. There were zero-day vulnerabilities in the Siemens Step7 Software on industrial devices known as programmable logic controllers (PLCs). This targeted Iran’s uranium enrichment plants in order to disrupt nuclear planning. The story is so popular that it even was made into the 2016 documentary Zero Days.

BlueKeep Vulnerability

Microsoft’s OS experienced the BlueKeep Vulnerability in its Remote Desktop Protocol (RDP) implementation, which accessed the possibility of remote code execution. The bug was present in older versions of the operating system spanning from Windows 2000 through Windows Server 2008 R2 and Windows 7. These outdated systems, anything pre-Windows 8, were most at risk, proving just how important staying up-to-date with modern software is. The vulnerability was patched in May 2019.

First BlueKeep attacks prompt fresh warnings | WeLiveSecurity 

DNC Hack

This is another commonly talked about zero-day attack, in which data regarding the Democratic National Committee (DNC) was released to the public due to an unseen vulnerability. There were about 6 zero-day vulnerabilities that enabled unauthorized access to this information. Russian hackers found these threats through Microsoft Windows, Adobe Flash, and Java, and used spear-phishing to exploit them. 

Identifying Zero-Day Attacks

Zero-day attacks are hard to detect, since they exploit companies at their weakest points. That’s what makes these sorts of attacks so dangerous. According to Acronis, the best way to detect a zero-day attack is to analyze behavior and traffic within the network. Companies that are experiencing a zero-day attack might get an unexpected rise in traffic or encounter some suspicious occurrence within their website, network, applications and so on. 

Tips and Tricks | How to Stay Safe from Zero-Day Attacks

Unfortunately, you can’t entirely prevent zero-day attacks; they take advantage of vulnerabilities before companies can even begin to tackle them. However, you can take the necessary steps to reduce your likelihood of encountering such threats with the following advice. 

#1: Firewalls Are Your Best Friend

One of the best ways to protect your system from a zero-day attack is by having a firewall installed. Firewalls are one of the first lines of defense to protect your organization and are a must-have for every single network. They will protect your network from unauthorized access, which helps in avoiding cyber attacks. Every organization should have a firewall to direct traffic in and out of a network, and maximize safety. 

#2: Constantly Update

We said it before and we’ll say it again: always, always update. Consistently updating your software, operating systems (OS), and even hardware is CRUCIAL. It will patch precisely the vulnerabilities that might have been previously overlooked. When you don’t update, your device will be at risk; hackers will see straight through any vulnerabilities and take their shot. 

#3: You Need the Best Business Grade Antivirus

Having antivirus installed on your device will help to prevent malware or a virus from infecting it. A business grade AV software is a must for any company, no matter the size, as it goes beyond your typical antivirus solution. We highly recommend using Trend Micro XDR, which scans for malicious threats across multiple layers and has a quick, effective response rate. Many viruses go undetected for too long, meanwhile speed is essential when responding to such a threat. You don’t want to get the alert about a virus before it’s too late. XDR will help to mitigate these scenarios, making it the perfect AV solution for all businesses.

#4: Only Use Essential and Trusted Software & Apps

Download software and applications that you actually need for your business and remember to decipher the difference between a want and a need. Don’t use random stuff from the internet, even if it’s free!, as this could pose a huge risk (other than just the possibility of a zero-day vulnerability). “Free” might sound like it’s great because it’s, well, FREE but we should all remember that most free things often come at some unforeseen cost. Hackers know people love free things—don’t think this isn’t a tactic they themselves frequently use. A cyber attack, malware/ransomware outbreak, or virus can all be far, far more expensive than taking the smart road and using trustworthy applications. Be sure that any and all software on your device is an absolute must, as the more apps or software you have, the more at risk you become. It would be a shame if the reason you suffer from a zero-day attack is because of an old software from 10 years ago that your business doesn’t even use anymore. Protect yourself from an attack by deleting anything you don’t really use or need to make way for more modern and secure software.

0 Comments

aruba

Pick your next post

Why Every Organization Needs Managed IT Services

Why Every Organization Needs Managed IT Services

When your computer battery dies, how do you get it to work? If your internet connection fails, how will it get back up? If you need to access storage from a lost or damaged device, how do you find it? With so much of our organizations relying on technology, it is...

read more
Why Network Security is Important for Your Business?

Why Network Security is Important for Your Business?

In today’s AI powered world, safeguarding your sensitive information goes a long way beyond technical issues. It is the heart of your long-term business success. Ignoring the need to secure your network against the potential threat is similar to leaving your home...

read more
IT Managed Services for Cybersecurity

IT Managed Services for Cybersecurity

Most people know about cyber security, but not everyone has good enough knowledge of its subtleties and fine points. Cybersecurity is complex, and even people who want to read up on it do not always know how to shift through the mountains of content available online...

read more
What Are Managed IT Services and Why Do You Need Them?

What Are Managed IT Services and Why Do You Need Them?

Managed IT services are defined as the practice of fully or partially outsourcing the migration, implementation, maintenance, and upgrade of the different parts of IT infrastructure, including backup and security, to a third-party vendor who is typically located away,...

read more