A zero day vulnerability is a flaw, it is “an unknown exploit in the wild that exposes a vulnerability in software or hardware” ( ). The name refers to the fact that developers have zero days to fix the problem that has just arisen which may lead to hackers exploiting the vulnerability before a patch has been released. fireeye What is a Zero Day Attack? A zero day attack occurs once a software vulnerability has been exploited and the attacker has released malware before developers are able to create a patch to fix the vulnerability. Here is a step by step breakdown of what causes a zero day attack: A company develops a software and was unaware of a vulnerability in its code The hacker notices that there is a vulnerability before the developer does and immediately acts on it before the developer finds out The hacker exploits the vulnerability while it is still unnoticed with the code that it has created Once the exploit has been released to the public, the developer catches it then creates a patch to fix the vulnerability Who are the Attackers? Cybercriminals Hactivists Cyberwarfare Corporate espionage How to Protect Against a Zero Day Vulnerability As of today, there are no patches or antivirus signatures available that can aid in zero day vulnerability detection. Therefore, it is important for your company to do the best they can to protect themselves against one. In order to keep your organization’s computer systems and data safe, it is imperative that your organization is proactive and reactive. Being proactive means to have antivirus software on your systems to detect and remove any viruses. Whereas reactive would be to consistently make sure that your software is up to date whenever a new update is available. This would reduce the risk of the hacker to exploit any vulnerabilities found in the software. Performing a vulnerability scan may aid in finding new vulnerabilities that could have been introduced after a software update. The following lists what an an organization can do to protect their data against zero day vulnerabilities: Make sure that you keep your software up to date with the latest software updates and releases; install the latest security patches as these would fix bugs missed from the previous versions Install an antivirus software to help block and prevent any possible threats Configure appropriate security settings for your antivirus software, operating system, and internet browser Use intrusion prevention systems (IPS) Establish disaster recovery procedures Implement a web application firewall (WAF) Common Targets for Zero Day Attacks The following for a zero day attack: lists the common targets Government departments Large enterprises Browser or operating system; hackers can use vulnerabilities to compromise the computer systems and build botnets Hardware devices, firmware, and Internet of Things (IoT) 3 Common Attack Vectors Web browsers (popular target) Email attachments, specifically when the user downloads and opens the attachment File types - i.e. Microsoft word, excel, PDF or Flash Zero Day Attack Examples These are some well known zero day attacks: Stuxnet was “one of the earliest digital weapons used; it is a highly infectious self-replicating computer worm that disrupted Iranian nuclear plants” ( ). Sony Pictures was the victim of a zero day attack back in 2014. The attack “brought down Sony’s network, and attackers leaked sensitive corporate data on file sharing sites, including personal information about Sony’s employees and their families, internal correspondence, information about executive salaries, and copies of unreleased Sony films” ( ). Stuxnet Norton Sony Cynet Back in 2011, hackers utilized an unpatched vulnerability in Adobe Flash Player to gain entry into RSA’s network. The hackers sent an email to RSA employees with an attachment that activated a Flash file which as a result exploited the zero day flash vulnerability. The information that the hackers managed to steal included “key information used by RSA customers in SecurID security tokens” ( ). RSA Cynet This YouTube video gives a better explanation of what  Stuxnet, as briefly discussed above is about. What is The Difference Between Targeted and Non-Targeted Zero Day Attacks? Targeted Zero Day Attacks These types of attacks are targeted towards large institutions, government or public institutions, and senior employees who have privileged access to confidential data and systems. Non-Targeted Zero Day Attacks Non-Targeted Zero attacks are aimed towards a large group of users who are using a vulnerable system (i.e. browser or operating system). The hacker’s goal with this type of attack is to compromise a large group in order to use them to build botnets. Unfortunately, zero day vulnerabilities still exist today and a current example is another zero day exploit found on the Google Chrome browser. According to TheHackerNews, “successful exploitation of the flaw could mean corruption of valid data, leading to a crash, and even execution of unauthorized code or commands” ( ). Chrome users have been informed to update to the latest version. Therefore it is important for individuals to be educated and understand what can be done to protect against zero day vulnerabilities. TheHackerNews Reading security news like The Hacker News or of course, the would be beneficial as that is where you can find up-to-date cybersecurity information. security guides on HackerNoon Keep up with all the latest in cybersecurity! Subscribe to our newsletter in the footer below.

Adobe

Google

Microsoft

Sony

Target

YouTube

5 Best Cybersecurity Books for Beginners

How to Hack Bluetooth Devices: 5 Common Vulnerabilities

2021 - Top Security Expert

Nominated for 2022 - HackerNoon Contributor of the Year - Instagram

Nominated for 2022 - HackerNoon Contributor of the Year - Social Media

Nominated for 2022 - HackerNoon Contributor of the Year - Security

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

Nominated for 2022 - HackerNoon Contributor of the Year - Facebook

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

What is a Zero Day Attack and How Can You Protect Against It?

What is a Zero Day Attack and How Can You Protect Against It?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

5 Common Identity and Access Management Security Risks

10 Pieces of Sci-Fi Armor We All Wish Were Real

10 Movie Tie-In Games That Were Actually Good

10 Most Anticipated Sci-fi Games of 2022 You Can’t Miss

10 Female Video Game Characters You Need to Know

5 Common Identity and Access Management Security Risks

10 Pieces of Sci-Fi Armor We All Wish Were Real

10 Movie Tie-In Games That Were Actually Good

10 Most Anticipated Sci-fi Games of 2022 You Can’t Miss

10 Female Video Game Characters You Need to Know

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps