What is a Zero Day Attack and How Can You Protect Against It?

A zero day vulnerability is a flaw, it is “an unknown exploit in the wild that exposes a vulnerability in software or hardware” (fireeye). The name refers to the fact that developers have zero days to fix the problem that has just arisen which may lead to hackers exploiting the vulnerability before a patch has been released.

What is a Zero Day Attack? 

A zero day attack occurs once a software vulnerability has been exploited and the attacker has released malware before developers are able to create a patch to fix the vulnerability. Here is a step by step breakdown of what causes a zero day attack:

• A company develops a software and was unaware of a vulnerability in its code
• The hacker notices that there is a vulnerability before the developer does and immediately acts on it before the developer finds out
• The hacker exploits the vulnerability while it is still unnoticed with the code that it has created 
• Once the exploit has been released to the public, the developer catches it then creates a patch to fix the vulnerability

Who are the Attackers?

• Cybercriminals
• Hactivists 
• Cyberwarfare
• Corporate espionage

How to Protect Against a Zero Day Vulnerability

As of today, there are no patches or antivirus signatures available that can aid in zero day vulnerability detection. Therefore, it is important for your company to do the best they can to protect themselves against one. 

In order to keep your organization’s computer systems and data safe, it is imperative that your organization is proactive and reactive. Being proactive means to have antivirus software on your systems to detect and remove any viruses. Whereas reactive would be to consistently make sure that your software is up to date whenever a new update is available. This would reduce the risk of the hacker to exploit any vulnerabilities found in the software. 

Performing a vulnerability scan may aid in finding new vulnerabilities that could have been introduced after a software update.

The following lists what an an organization can do to protect their data against zero day vulnerabilities: 

1. Make sure that you keep your software up to date with the latest software updates and releases; install the latest security patches as these would fix bugs missed from the previous versions
2. Install an antivirus software to help block and prevent any possible threats
3. Configure appropriate security settings for your antivirus software, operating system, and internet browser
4. Use intrusion prevention systems (IPS)
5. Establish disaster recovery procedures
6. Implement a web application firewall (WAF)

Common Targets for Zero Day Attacks

The following lists the common targets for a zero day attack:

• Government departments
• Large enterprises
• Browser or operating system; hackers can use vulnerabilities to compromise the computer systems and build botnets
• Hardware devices, firmware, and Internet of Things (IoT)

3 Common Attack Vectors

1. Web browsers (popular target)
2. Email attachments, specifically when the user downloads and opens the attachment
3. File types - i.e. Microsoft word, excel, PDF or Flash 

Zero Day Attack Examples

These are some well known zero day attacks:

1. Stuxnet
   
   Stuxnet was “one of the earliest digital weapons used; it is a highly infectious self-replicating computer worm that disrupted Iranian nuclear plants” (Norton).
   
   Sony
   
   Sony Pictures was the victim of a zero day attack back in 2014. The attack “brought down Sony’s network, and attackers leaked sensitive corporate data on file sharing sites, including personal information about Sony’s employees and their families, internal correspondence, information about executive salaries, and copies of unreleased Sony films” (Cynet). 
   
2. RSA
   
   Back in 2011, hackers utilized an unpatched vulnerability in Adobe Flash Player to gain entry into RSA’s network. The hackers sent an email to RSA employees with an attachment that activated a Flash file which as a result exploited the zero day flash vulnerability. The information that the hackers managed to steal included “key information used by RSA customers in SecurID security tokens” (Cynet).
   

This YouTube video gives a better explanation of what Stuxnet, as briefly discussed above is about.

What is The Difference Between Targeted and Non-Targeted Zero Day Attacks?

Targeted Zero Day Attacks

These types of attacks are targeted towards large institutions, government or public institutions, and senior employees who have privileged access to confidential data and systems. 

Non-Targeted Zero Day Attacks

Non-Targeted Zero attacks are aimed towards a large group of users who are using a vulnerable system (i.e. browser or operating system). The hacker’s goal with this type of attack is to compromise a large group in order to use them to build botnets. 

Unfortunately, zero day vulnerabilities still exist today and a current example is another zero day exploit found on the Google Chrome browser. According to TheHackerNews, “successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands” (TheHackerNews). Chrome users have been informed to update to the latest version. Therefore it is important for individuals to be educated and understand what can be done to protect against zero day vulnerabilities. 

Reading security news like The Hacker News or of course, the security guides on HackerNoon would be beneficial as that is where you can find up-to-date cybersecurity information.  

Keep up with all the latest in cybersecurity! Subscribe to our newsletter in the footer below.