What is a Zero-Day Attack?

How can you protect your organization against zero-day attacks?

The term ‘zero-day attack’ refers to a cyberattack that exploits a newly discovered vulnerability and is not yet recognized by traditional security solutions. The point of weakness that the attack is targeting is referred to as a ‘zero-day vulnerability’, and the attack itself is a ‘zero-day exploit’.

‘Zero day’ means that there are ‘zero days left’ to address the threat – the hackers exploit a vulnerability before the developers discover it. And in recent years, zero-day malware has accounted for two-thirds of all threats, making it a very serious and significant risk to organizational security.

What is a zero-day vulnerability?

A zero-day vulnerability can take many different forms, and any existing software vulnerability can be used to carry out zero-day exploits. These include:

  • Unsanitized data input or SQL injection – logins and sensitive data can be mined out of a database by inputting SQL commands alongside login details on a website.
  • Lack of proper data encryption – spyware could intercept data as it is sent.
  • Broken code, general bugs, or quirks in software – these could be exploited to allow malware to run.
  • Poor password security – if a default or low-security password is used, it could be broken in a brute-force attack.
  • Missing authorization – a website may not be checking for proper tokens or credentials where it should.
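To make the first bullet concrete, here is an added example (not code from the original page) of the unsafe login query beside its parameterized form, using Python's built-in sqlite3 module. The user table, user names and password-hash strings are constructed for the example, and the crafted input is the kind of "SQL command alongside login details" the bullet describes.

```python
import sqlite3

# Constructed sample accounts; the hash strings are placeholders for whatever
# password hashing the real application uses.
SAMPLE_USERS = [("alice", "hash_of_alice_pw"), ("bob", "hash_of_bob_pw")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Unsafe pattern: submitted values are spliced into the SQL text, so
    whatever the user typed becomes part of the query itself."""
    query = (
        "SELECT 1 FROM users WHERE username = '" + username
        + "' AND password_hash = '" + password_hash + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Hardened pattern: the SQL is fixed and the driver passes the values
    separately, so they are only ever compared as data, never parsed as SQL."""
    query = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


def demo() -> dict:
    """Run both login checks on a valid login and on a crafted user name."""
    conn = make_db()
    # Constructed input: the quote closes the string literal and "--" turns the
    # rest of the line, including the password check, into a SQL comment.
    crafted = "alice' --"
    return {
        "valid_vulnerable": login_vulnerable(conn, "alice", "hash_of_alice_pw"),
        "valid_parameterized": login_parameterized(conn, "alice", "hash_of_alice_pw"),
        "crafted_vulnerable": login_vulnerable(conn, crafted, "wrong"),
        "crafted_parameterized": login_parameterized(conn, crafted, "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Both functions accept the genuine credentials, but only the concatenating version accepts the crafted user name with a wrong password; the parameterized query simply looks for a user literally named `alice' --` and finds none. The same placeholder approach applies to every database driver, and is the check to look for in code review: any query built with string formatting from request data is the unsafe pattern.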

Zero-day attack examples

As with zero-day vulnerabilities, any form of cyberattack that is new and unrecognized is called a ‘zero-day’ attack. A large chunk of cybercrime is carried out by malware, which refers to any kind of malicious software. Common types include:

Ransomware – this encrypts data on the user’s device and demands a ransom for the key to decrypt it.

Spyware – spyware gathers sensitive data and sends it back to the attacker, to be used against the victim or sold to a third party.

Scareware – this malware is less sophisticated than real ransomware, as it only pretends that it has stolen data, or that it is able to destroy data, in an attempt to scare the user into complying with the attacker’s demands.

Distributed Denial of Service (DDoS) attack – a network or website is bombarded with traffic, making it impossible to use.

Wiper – this type of malware attempts to erase the victim’s hard drive.

Top targets for zero-day attacks

Zero-day attacks may target any of the following, to maximize damages:

Web browsers – Because of their extremely widespread use, an exploitable weakness in a web browser increases a hacker’s chances of a successful attack.

Common software – Popular software that has a very large user-base is similarly useful for mounting a successful attack.

Large companies – Targeting a big company with a lot of funds is potentially more lucrative, and databases will contain more customer information. Financial services are particularly of interest.

Government branches – If the goal is just causing damage, compromising a government-owned system can have huge repercussions and cause chaos.

The challenges of zero-day attack protection

Traditional anti-malware protection relies on being able to recognize threats. Such solutions are based on databases that are frequently updated with known viruses and malware, so that as soon as an attack begins, it can be identified and shut down. Zero-day malware is by its nature unknown: it doesn’t appear in any of these databases, so it can’t be identified by them. This makes defense against zero-day attacks surprisingly challenging.

Hackers and cybercriminals search for vulnerabilities in software. Someone actively looking to perform an exploit is much more likely to uncover a critical weakness than the developers themselves. This can often result in an attack being developed and deployed before the developers are even aware of an issue.

The window for zero-day attacks is not closed when the developers become aware of the vulnerability. Successful attacks could be carried out while a patch is developed, and on systems that don’t patch promptly.

Defense against zero-day attacks

Defending yourself against a zero-day exploit is difficult, as they are, by definition, ahead of the game. It’s important to know how to prevent zero-day attacks – there are strategies that you can employ to stay safer and decrease your chances of becoming a victim of a zero-day exploit:

Stay up to date – A security patch is only effective if you have it installed. Reduce the hacker’s window of opportunity by installing patches for software as soon as they are released.

Keep informed – Sometimes an unknown threat is discovered and published by users before applications have had a chance to address their vulnerabilities. Take advantage of this and stay educated about the latest threats.

Multiple security layers with zero trust solutions – Even undiscovered zero day threats can be thwarted by employing more than one line of defense, especially when this includes preventive, zero-trust solutions that treat all code as malicious rather than relying on a database of known malware. Relying on a web application firewall (WAF) is not at all foolproof when it comes to the latest threats.

Multi-factor authentication – Using an IAM solution that incorporates at least two forms of authentication, such as a password and biometrics, can make a big difference. Statistics show that 81% of security breaches occur due to weak or stolen passwords – make sure your organization has strict password policies and MFA to prevent unexpected zero-day attacks, and even if one does occur, the attacker will find it difficult to spread through the network.

Zero-day antivirus protection – Because of the emergence of new kinds of attacks, anti-virus software has had to adapt to offer better protection. A zero-day virus cannot be looked up in a virus database, but there are still ways of recognizing it. Most viruses share common forms of behavior and can be spotted through those, and many new viruses are built upon existing malware. Screening for these known behaviors can catch even previously unknown attacks.

However, these methods have some drawbacks. Looking for common malware behavior is not foolproof, as more novel or well-disguised attacks can slip by unnoticed. False positives are also a possibility – legitimate programs that happen to show similarities to malware in their code or behavior will be incorrectly flagged as harmful.
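The two paragraphs above describe behavior-based detection and its false-positive problem. The following is an added example, not code from the original page or from any product, of a minimal behavior-scoring engine run over constructed endpoint telemetry. The event shape, behavior names, weights and threshold are all assumptions made for the example; the point is that a process showing several malware-like behaviors is flagged without any signature, and that a legitimate backup agent sharing two of those behaviors trips the same rule until an analyst allowlists it.

```python
from collections import defaultdict

# Weights for behaviours that many malware families share. The names and
# weights are constructed for this example, not taken from any product.
BEHAVIOUR_WEIGHTS = {
    "mass_file_rewrite": 40,       # many user documents rewritten in one burst
    "recovery_point_delete": 35,   # destroying backups or recovery points
    "autostart_registered": 20,    # registering itself to run at logon
}
ALERT_THRESHOLD = 60
MASS_REWRITE_MIN_FILES = 20
USER_DATA_PREFIX = "C:\\Users\\"


def extract_behaviours(events):
    """Map each process name to the set of suspicious behaviours it showed.

    `events` are constructed telemetry records of the form
    {"process": str, "action": str, "target": str}; the action names are
    assumed categories that a sensor has already assigned.
    """
    user_file_writes = defaultdict(int)
    behaviours = {}
    for ev in events:
        proc, action, target = ev["process"], ev["action"], ev["target"]
        found = behaviours.setdefault(proc, set())
        if action == "file_write" and target.startswith(USER_DATA_PREFIX):
            user_file_writes[proc] += 1
            if user_file_writes[proc] >= MASS_REWRITE_MIN_FILES:
                found.add("mass_file_rewrite")
        elif action in BEHAVIOUR_WEIGHTS:
            found.add(action)
    return behaviours


def evaluate(events, allowlist=frozenset()):
    """Score each process and return {process: (score, alerted)}.

    `allowlist` holds process names an analyst has verified as legitimate,
    which is the usual way a behavioural false positive is handled.
    """
    results = {}
    for proc, found in extract_behaviours(events).items():
        score = sum(BEHAVIOUR_WEIGHTS[b] for b in found)
        alerted = score >= ALERT_THRESHOLD and proc not in allowlist
        results[proc] = (score, alerted)
    return results


def sample_events():
    """Constructed telemetry: one malicious-looking process, one legitimate
    backup agent that shares two of its behaviours, and a plain text editor."""
    docs = USER_DATA_PREFIX + "a\\Documents\\"
    events = []
    for i in range(25):
        events.append({"process": "unknown.exe", "action": "file_write",
                       "target": f"{docs}report{i}.docx"})
    events.append({"process": "unknown.exe", "action": "recovery_point_delete", "target": "all"})
    events.append({"process": "unknown.exe", "action": "autostart_registered", "target": "Run\\updater"})
    for i in range(30):
        events.append({"process": "backup_agent.exe", "action": "file_write",
                       "target": f"{docs}report{i}.docx"})
    events.append({"process": "backup_agent.exe", "action": "recovery_point_delete", "target": "expired"})
    events.append({"process": "notepad.exe", "action": "file_write", "target": f"{docs}notes.txt"})
    return events


if __name__ == "__main__":
    print("no allowlist:", evaluate(sample_events()))
    print("backup agent allowlisted:",
          evaluate(sample_events(), allowlist=frozenset({"backup_agent.exe"})))
```

Without an allowlist, both `unknown.exe` (score 95) and `backup_agent.exe` (score 75) cross the threshold, which is exactly the false positive the paragraph warns about; `notepad.exe` scores 0. Allowlisting the verified backup agent suppresses its alert while leaving the unknown process flagged. Real products tune the weights, add process reputation and code signing as inputs, and still need this kind of analyst feedback loop.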

Browser isolation – To eliminate the threat of web-borne attacks, active browser code can be isolated from the user’s computer and network using a browser isolation solution. A virtual machine or container is used to render content from the web, so any code, malicious or otherwise, cannot access the endpoint at all – no data can be damaged or stolen, and nothing can be installed or run. This can be done as a cloud-based service – in Remote Browser Isolation, the user’s internet surfing experience is delivered from a container in the cloud, keeping the client computer separate from potential threats.

For all types of zero-day exploits, it’s crucial that you have built your organization’s security strategy using a preventative, zero-trust approach, with education and strong password policies assisting in the fight against the latest zero-day threats.
