A zero day is an unresolved vulnerability in software that puts its users at risk of attack. Cyber criminals use these unpatched entry points into a corporate network to carry out their activities, so a zero day is a significant security risk.
Examples of zero-day attacks include the 2021 Chrome vulnerability and the infamous Stuxnet worm. Both show what a zero-day attack on widely used software and technology can do: which vulnerabilities were exploited, and what the consequences were for users and organisations.
“Software almost always contains errors,” says Niels Teusink, IT Security Expert at Eye Security. “Because something has not yet been taken into account in the development of a feature, or sometimes even due to a simple typo.” Traditionally, a zero day was seen as a vulnerability that the software manufacturer was not yet aware of. But recently the term has also been used for vulnerabilities for which there is no solution yet. “With the global Kaseya attack, there was also talk of a zero-day attack, but the leak was already known to the organisation there. In fact, they were busy building a fix for the vulnerability, only to be overtaken by the REvil attack just before they were ready.”
How do zero day attacks work?
You can see a zero day as a software vulnerability, like a hatch in the wall of a software application that you use in your company network. Zero day exploits target these unknown software vulnerabilities, making them particularly dangerous. You often use multiple applications, and they can all contain one or more hatches. For example, there can be a zero-day vulnerability in a browser, but also on a server, or in Windows. And not all hatches are open by default. Sometimes certain conditions must be met to open the hatch. “If there is a zero day in a browser, then the condition is, for example, that the user goes to a specific website, from where the attackers can put a piece of malicious software code on your system via the vulnerability,” explains Teusink. The hatch of that specific zero day only opens when the condition – visiting that specific website – is met.
Attackers exploit such a system by using the vulnerability before the developers have been able to patch it.
Protect yourself – reduce security vulnerabilities
To protect your company against this, it makes no sense to raise the walls around your applications, because you have no influence on how many zero-day hatches may be present in that wall. Instead, reduce the vulnerabilities themselves: validate input in your own applications, filter incoming traffic with a web application firewall (WAF), and apply security patches promptly so that newly discovered vulnerabilities are closed quickly. It is important to build up security in layers, says Teusink. “It should never be the case that one zero day can disrupt your entire business operations.” That is why it is important, for example, to keep the wall to the outside world (the internet) as small as possible. “We see that some companies have all kinds of servers and management interfaces connected to the internet. If you limit the number of components you connect to the internet, you reduce the attack surface.” In other words, you reduce the number of hatches in your business environment that are visible from the outside.
Vulnerability scanning solutions play an important role in finding and fixing security vulnerabilities in software code. They simulate attacks and review code, but scanning alone cannot catch every exploit, and certainly not zero-day vulnerabilities, so organisations still have to act quickly on what is found.
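The "limit the number of components you connect to the internet" advice can be turned into a routine check. The following is an added example, not code from Eye Security or from the article: it parses listening sockets in the layout of `ss -tlnp` output (the sample output is constructed, not taken from a real host), treats every wildcard bind on an internet-facing host as a hatch visible from outside, and flags the management and back-end ports that should only be reachable from an internal network or VPN. The port-to-service table and the remediation text are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of `ss -tlnp` output; not taken from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      128    127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=911,fd=5))
LISTEN 0      511    *:443               *:*               users:(("nginx",pid=1020,fd=6))
LISTEN 0      128    [::]:3389           [::]:*            users:(("xrdp",pid=1300,fd=4))
LISTEN 0      128    0.0.0.0:8080        0.0.0.0:*         users:(("java",pid=2001,fd=12))
LISTEN 0      128    10.0.0.5:5985       0.0.0.0:*         users:(("wsmprovhost",pid=1500,fd=2))
"""

# Services a public-facing host is expected to offer to the whole internet.
PUBLIC_PORTS = {80: "http", 443: "https"}
# Management and back-end ports (assumed table): hatches that should only be
# reachable from a management network or VPN, never from the internet.
MANAGEMENT_PORTS = {
    22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-tls",
    5432: "postgresql", 8080: "http-alt (often an admin console)",
}
# Bind addresses that mean "listen on every interface".
WILDCARD_BINDS = {"0.0.0.0", "*", "[::]", "::"}


@dataclass
class Listener:
    address: str
    port: int
    process: str

    @property
    def on_all_interfaces(self) -> bool:
        return self.address in WILDCARD_BINDS


def parse_ss(output: str) -> list[Listener]:
    """Parse the LISTEN rows of ss -tlnp-style output into Listener records."""
    listeners = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue  # header line or not a listening socket
        address, _, port = parts[3].rpartition(":")  # handles [::]:3389 and *:443
        match = re.search(r'\("([^"]+)"', line)      # name inside users:(("name",...))
        listeners.append(Listener(address, int(port), match.group(1) if match else "?"))
    return listeners


def audit(listeners: list[Listener], internet_facing: bool = True) -> list[dict]:
    """One finding per listener that is reachable from the internet but is not
    a service you deliberately offer there."""
    findings = []
    for lst in listeners:
        if not (internet_facing and lst.on_all_interfaces):
            continue  # loopback or an internal address: not visible from outside
        if lst.port in PUBLIC_PORTS:
            continue  # the public service itself; this hatch is intentional
        findings.append({
            "port": lst.port,
            "service": MANAGEMENT_PORTS.get(lst.port, "unknown service: review"),
            "process": lst.process,
            "remediation": "bind to an internal/management address, or restrict "
                           "the port to a VPN or firewall allowlist",
        })
    return findings


def attack_surface(listeners: list[Listener]) -> int:
    """Number of ports visible from outside on an internet-facing host."""
    return sum(1 for lst in listeners if lst.on_all_interfaces)


if __name__ == "__main__":
    found = parse_ss(SAMPLE_SS_OUTPUT)
    print(f"externally visible ports: {attack_surface(found)}")
    for f in audit(found):
        print(f"[!] {f['port']}/{f['service']} via {f['process']}: {f['remediation']}")
```

On the sample, 443 is accepted as the intended public service, 5432 (loopback) and 5985 (internal address) are invisible from outside, and 22, 3389 and 8080 are reported as hatches to close or move behind a VPN. Run against real `ss -tlnp` output, the same check gives a concrete before-and-after count of the attack surface that Teusink describes.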
Protect yourself – detect deviant behaviour
The next layer is the detection of abnormal patterns on your company network. An effective detection system must be able to recognise both known and unknown threats, zero-day threats included, for the protection to be complete. “When a zero day is abused, something always happens on your network that deviates from the normal pattern,” says Teusink. “Suppose there is an unknown or unresolved vulnerability in a browser. If you visit a website and it is being abused on a zero-day basis, then the attacker can, for example, install a small program on your systems and maybe even a backdoor through which he can easily enter another time, if the zero-day hatch has been boarded up by the manufacturer, for example. A good detection system will immediately notice that a program is being written to the hard disk and that this is unusual when visiting a website. At that moment alarm bells go off and you can intervene.”
Zero-day vulnerabilities, such as those behind high-profile attacks like Stuxnet and the Kaseya attack, are hard to detect precisely because nothing is known about them in advance, which is why behaviour-based detection and regular software updates are so important for limiting the risk.
Protect yourself – install all security patches
In the next step, good security software can also stop what happens on your company systems after a zero day has been exploited. “If a zero-day is used to deploy ransomware, security software can protect against it and mitigate the impact because the deployment can be stopped at an early stage.” Although you as an organisation can never protect yourself 100 percent, you are certainly not powerless against cyber criminals. “Not every vulnerability is discovered by cybercriminals first. Software manufacturers themselves are always actively looking for it and will send you an update to fix errors in the code. Security researchers play a crucial role in identifying and responsibly disclosing vulnerabilities, which helps software manufacturers issue timely updates. That is why it is so important to always install updates. Timely security patches can mitigate the impact of zero day exploits by closing one or more hatches in your software wall every time.”
More information?
Eye can help you protect your company against these kinds of attacks. Want to know more? Visit this page to contact us.