Cybercriminals are continually trying to discover new bugs, backdoors, and other vulnerabilities in software. According to one real-world hacker, finding a new vulnerability is like finding gold: it can be worth thousands of dollars on the Dark Web. Cybercriminals often use a newly found vulnerability to quietly infiltrate computer systems and infect them with malware. Neither the software developer nor security researchers know about this susceptibility until the attack occurs. In other words, there are zero days between the time when they first learn about the vulnerability and the first attack exploiting it.
A good example of a zero-day attack occurred in April 2017. Hackers exploited a newly discovered vulnerability in Microsoft Word to install different types of malware on computers. They had found a bug in Word’s Object Linking and Embedding (OLE) functionality that let them bypass security measures put in place. To initiate the attack, the cybercriminals used phishing emails that included an attached Word document containing an embedded OLE object. If the recipients fell for the scam and opened the Word document, the object ran code that initiated a process resulting in malware being installed on their computers.
As this example illustrates, the code used to exploit zero-day vulnerabilities is often spread through phishing emails. Another common delivery method is malicious web content.
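As an added illustration of a defensive check for the delivery mechanism described above (example code written for this page, not part of the original article): a mail-gateway style scanner that inspects a Word (.docx) attachment, which is a zip package, for the parts and relationships Word uses to embed (or link) OLE objects. The sample documents are constructed inline for the demonstration.

```python
"""Flag Word (.docx) attachments that carry embedded OLE objects.

Added example: checks the Office Open XML package (a zip archive) for
OLE embedding parts and relationships. Sample documents are constructed.
"""
import io
import zipfile

# Relationship type Word uses for OLE objects in Office Open XML packages.
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def find_ole_indicators(docx_bytes: bytes) -> list[str]:
    """Return the reasons a document looks like it carries an OLE object."""
    reasons = []
    try:
        with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
            names = zf.namelist()
            # Embedded object payloads are stored under word/embeddings/.
            for n in names:
                if n.startswith("word/embeddings/"):
                    reasons.append(f"embedded part: {n}")
            # The document part declares OLE relationships in its .rels file.
            rels = "word/_rels/document.xml.rels"
            if rels in names and OLE_REL_TYPE.encode() in zf.read(rels):
                reasons.append("oleObject relationship in document.xml.rels")
            # An OLEObject element marks where the object sits in the body.
            if "word/document.xml" in names and b"OLEObject" in zf.read("word/document.xml"):
                reasons.append("OLEObject element in document.xml")
    except zipfile.BadZipFile:
        reasons.append("not a valid OOXML package")
    return reasons


def build_docx(embed_ole: bool) -> bytes:
    """Construct a minimal (constructed, not real-world) .docx for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        body = "<w:document><w:body><w:p>hello</w:p></w:body></w:document>"
        rels = '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        if embed_ole:
            body = body.replace("<w:p>hello</w:p>",
                                '<w:p><w:object><o:OLEObject Type="Embed" r:id="rId1"/></w:object></w:p>')
            rels += f'<Relationship Id="rId1" Type="{OLE_REL_TYPE}" Target="embeddings/oleObject1.bin"/>'
            zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16)  # dummy payload
        rels += "</Relationships>"
        zf.writestr("word/document.xml", body)
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

A hit does not prove malice (legitimate documents embed spreadsheets and charts the same way), so the result is best used to quarantine the attachment for inspection rather than to block it outright.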
Why Zero-Day Attacks Are Hard to Defend Against
Zero-day attacks are difficult to defend against for several reasons. For starters, developers do not know about the vulnerability in their software until an attack occurs, so there are initially no patches to fix the security hole. Patches take time to create and distribute, giving hackers ample time to reel in more victims. Plus, if a zero-day attack deploys a new strain of malware, most security software won’t detect the malware.
Another reason why zero-day attacks are hard to defend against is that cybercriminals are deploying more sophisticated phishing emails. Many hackers now take the time to craft a convincing ruse to get people to open an email attachment or click a link embedded in the email message.
Similarly, hackers are becoming more adept at creating malicious web content. While some website-initiated zero-day attacks can be avoided with safe web-browsing habits, malicious advertising, or malvertising, on legitimate websites is hard to protect against. With malvertising, website visitors do not have to click any buttons or follow any links. Just going to the legitimate site starts the attack since the malicious code is in an ad — and the ads are designed to automatically load when a user visits the site.
Finally, zero-day attacks are hard to fend off because hackers are now using advanced obfuscation and evasion techniques in their zero-day attacks to avoid being detected and restricted by traditional sandboxes.
What You Can Do to Fend Off Zero-Day Attacks
Despite the challenges, you can take some basic precautions to help protect your business from the growing threat of zero-day attacks:
- Teach employees how to spot phishing emails. While the vulnerabilities used in zero-day attacks are new, cybercriminals often rely on the old-school technique of phishing to deliver the code needed to initiate the attack. Besides letting employees know about the elements commonly found in phishing emails, tell them about the risks associated with opening email attachments and clicking email links.
- Talk to employees about Internet safety. For example, let them know that they should avoid visiting websites labeled as risky by security software and warn them about the dangers of enabling popups (they are disabled by default in most web browsers). Although safe browsing habits will not stop a zero-day attack initiated through malvertising on a legitimate website, they might prevent less sophisticated zero-day attacks.
- Make sure your firewall uses stateful inspection to help detect and stop suspicious connections. Most modern firewalls use stateful inspection, but older firewalls might not.
- Reduce your business’s attack surface. The less software you have, the less vulnerable your business will be to zero-day attacks. This includes disabling or uninstalling web browser plug-ins not being used.
- Consider using an onsite or cloud-based intrusion protection system. These solutions use advanced technologies (e.g., threat emulation, virtualization, memory analysis) to better detect zero-day attacks.
Although it will not stop a zero-day attack, it is important to make sure that your operating system software and applications are regularly updated on your computers so that known vulnerabilities are patched. Similarly, your security software needs to be regularly updated to protect your computers from known malware threats.
Protect Your Business Against Zero-Day Attacks
Zero-day attacks are a lucrative business for cybercriminals, so they are not going away. Adopting the mindset that you cannot protect your business from these attacks because they involve unknown vulnerabilities is risky. Admittedly, it is difficult to defend against them, but you can take some basic precautions. We are here if you need help with determining and implementing the specific measures you need to take.