Imagine you accidentally leave a rarely-used window open in your home.
You don’t think anything of it until you notice things going missing. Thieves have been sneaking in and out of your house for days, availing themselves of your stuff using that neglected window.
Zero-day attacks are exactly the same. Hackers find and exploit a vulnerability in your system before you know it exists. And until you find the bug, you can’t fix the problem.
A zero-day attack exploits zero-day vulnerabilities to cause damage or steal data from a system. The term “zero-day” refers to the number of days (zero) available to the software vendor to issue a fix for the unknown vulnerability before the attack.
Today, zero-day vulnerabilities are being found in everyday platforms like Apple iOS, Google Chrome, and Windows. Cybercrime, together with the growing number of variants of already known exploits, is making zero-day attacks increasingly difficult to mitigate.
For enterprises facing cybersecurity threats from zero-day attacks, the situation paints a grim picture. It feels as if there’s no hope of finding and preventing these kinds of attacks.
But experts note that it’s not always the case. Using the right security software and implementing best cybersecurity practices can guard against zero-day attacks. Keep reading to find out how.
Software developers obviously don’t want to create software with bugs, but all software has unintentional flaws. After all, every 1,000 lines of code have 3 to 20 bugs. Some of these vulnerabilities create a security weakness in the design, implementation, or operation of a system or application.
Cybercriminals look for these kinds of cybersecurity vulnerabilities so they can execute commands while posing as a trusted system. They could access and steal restricted data, impersonate another user, or launch denial-of-service attacks. For instance, a vulnerability in a cloud storage system might provide access to otherwise secure data in the cloud.
A zero-day vulnerability is any software flaw that is yet to be fixed because the parties responsible for it haven’t noticed it needs repair.
Software vendors, developers, and programmers are always scanning for bugs like these. When they discover one, they patch it up. However, when the vulnerability is out in the open and unfixed, cybercriminals get a free pass to exploit it.
Since vendors typically have no knowledge of such vulnerabilities beforehand, they literally have zero days to fix the bug before cybercriminals leverage it.
zero-day vulnerabilities have been found in the wild by Google’s Project Zero researchers since 2014.
Source: Google's Project Zero
Researchers Leyla Bilge and Tudor Dumitras have outlined the seven stages in the lifecycle of a zero-day vulnerability.
It’s common to confuse zero-day attacks with zero-day vulnerabilities and zero-day exploits. But they are different.
Zero-day vulnerability: A software vulnerability yet to be known to developers or a flaw with no patch. Zero-day vulnerabilities could be missing data encryption, misconfigurations, incorrect authorizations, or coding errors.
Zero-day exploit: Techniques or methods cybercriminals use to gain access to a system using a zero-day vulnerability. The methods range from spear phishing to malware.
Zero-day attack: A successful zero-day exploit that sabotages a system or causes damage in terms of data breach or theft is a zero-day attack.
Related: Learn how to avoid becoming victims of phishing and other social engineering techniques.
Your defense against zero-day attacks is effective only if you know how an attack works. A zero-day attack goes like this:
Different kinds of people carry out zero-day attacks for varying reasons. They could be:
Cybercriminals target a wide range of organizations with zero-day exploits and attacks. These include:
Zero-day attacks are one of the fastest-growing cybersecurity threats. With the rapid adoption of cloud, mobile, and internet-of-things (IoT) technologies, the number and complexity of software platforms we use daily are increasing. More software leads to more software bugs. More bugs typically mean more gateways for attackers to exploit.
For criminal hackers, the vulnerabilities in popular software like Microsoft Office or Google Chrome represent a free pass to attack any target they want, from Fortune 500 companies to millions of mobile phone users worldwide.
Zero-day attacks are so vicious because they typically go undiscovered for at least ten months – longer in some cases. Until the attack is found, the software remains unpatched, and anti-virus products cannot detect the attack through signature-based scanning. They’re also unlikely to be observed in honeypots or lab experiments.
And even if the vulnerability is exposed, criminals rush in to take advantage of the situation. Once an unpatched vulnerability is public, it takes only 14 days for an exploit to be available in the wild. While the attacks are initially intended for a specific organization or person, it doesn’t take long for other threat actors to exploit the vulnerability as widely as possible.
attack attempts were made within 72 hours of revealing the infamous Log4j vulnerability.
Up until the last few years, zero-day exploits were mostly found and used by state-sponsored cyber groups. Stuxnet, one of the most famous zero-day attacks on Iran’s nuclear program, is speculated to be a joint operation between the United States and Israel.
But today, financially motivated cybercrime groups use zero-day exploits too, making money from zero-day attacks with ransomware. Attacks on the IT services supply chain are also ramping up, with the objective of reaching downstream third-party businesses.
Twitter accounts were found to be affected by a data breach due to a zero-day vulnerability in 2022.
Adding to the mix is that hackers could potentially use artificial intelligence (AI) and machine learning (ML) solutions to instigate sophisticated attacks.
For instance, in 2022, researchers found they could use ChatGPT to create phishing emails and ransomware campaigns for macOS. Anyone, regardless of their technical expertise, could use these AI tools to generate malware or ransomware code on demand.
These attacks have wide ramifications, from data theft and spreading malware to financial losses and total system takeover. More than ever, businesses have to be prepared for zero-day attacks to protect their data and network security.
Related: Learn what data security means and the best practices to keep your data safe.
We asked five cybersecurity experts about the most prevalent and avoidable missteps businesses take that make them vulnerable to zero-day threats and attacks. Here’s what they said.
Pete Nicoletti from Check Point Software noted that businesses, especially small-to-midsize, aren’t usually ready for zero-day attacks.
“Let’s look at the scope of the problem first. Vulnerable applications, partners, employees distributed everywhere, in cloud resources, colocation servers, desktops, laptops, insecure home wireless, bring-your-own-device, cell phones, and more. All create a very large threat surface and require specific solutions, priority, budget, and personal attention,” Nicoletti said.
He noted that attackers are well-funded with billions of dollars in ransomware and are now creating thousands of new malware variants each month, along with billions of well-crafted phishing emails. They’re exploiting zero-day vulnerabilities and hammering on unpatched weak spots.
Field CISO, Check Point Software
Considering how expensive and hard zero-day attacks are to mitigate, Nicoletti insists businesses should be ready to address the security risks with reasonable expenditures.
Paul Hadjy, the CEO and co-founder of Horangi Cyber Security, talked about the importance of getting the basics of security right.
“Many companies ask us about dealing with zero-day vulnerabilities when they still have not fully matured their capabilities and mechanisms for dealing with known vulnerabilities,” Hadjy said.
He told us that while it’s unfortunate to get attacked on a zero-day vulnerability, getting attacked on a known vulnerability is even worse.
“Both point to a situation we come across very often. The situation where organizations are focusing on what is trendy and relevant when they should be focusing on the basics of security,” he said.
CEO and Co-founder, Horangi Cyber Security
Caitlin Condon, senior manager of Security Research at Rapid7, noted that companies lack a basic foundational vulnerability management practice.
“The most frequent question we hear organizations asking when there's a high-profile zero-day attack is, ‘do we use this vulnerable product?’ followed by ‘have we already been exploited?’” Condon said.
“A crisis is not an ideal time for a business to start thinking about how to catalog inventory, set up centralized logging or alerting, or implement an emergency patching plan for critical, actively exploited vulnerabilities.”
Caitlin Condon
Senior Manager, Security Research, Rapid7
Condon said that the best preparation against zero days is to put good core policies and practices in place. “Then, when there's a cybersecurity incident where risk reduction is measured in minutes, you have a well-understood baseline on top of which to enact emergency procedures, operationalize intelligence, and prioritize remediations.”
Stan Wisseman, the chief security strategist of CyberRes, a Microfocus line of business, highlights the need for better visibility when it comes to the software businesses use.
“Organizations need greater transparency into the software components that make up their applications and products so they can conduct rapid impact analysis,” Wissemann said. He explained why with the example of the zero-day attacks that followed the disclosure of the Log4Shell vulnerability in Apache Log4j.
“With Log4J, anybody running anything with Java had to manually email their vendors to figure out if Log4J was in their products and validate the version. If they were affected, they had to determine what to do about it. Everyone was scrambling.”
He added that businesses need to do software composition analysis (SCA) and maintain a software bill of materials (SBOM) to quickly lessen the risks posed by a zero-day attack. “You need to do your due diligence and ensure they have validated security controls in place,” he said.
Chief Security Strategist, CyberRes
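The rapid impact analysis Wisseman describes is, in practice, a query over an SBOM: given an advisory for a component, which of our products ship an affected version, including as a transitive dependency? The following is an added example written for this article, not code from CyberRes or any SBOM tool. It parses a constructed CycloneDX-style SBOM fragment (embedded inline, not a real project's inventory) and checks every component, including nested ones, against a constructed advisory whose version range is illustrative. The version ordering is deliberately simplified (numeric dotted versions plus a pre-release suffix) and is not a full Maven or semver comparator.

```python
import json

# Constructed CycloneDX-style SBOM fragment (not a real project's SBOM).
# The "example-http" component carries a nested (transitive) log4j-core,
# which is the kind of dependency a manual vendor email thread tends to miss.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    {"type": "library", "group": "com.example", "name": "example-http",
     "version": "1.3.0", "purl": "pkg:maven/com.example/example-http@1.3.0",
     "components": [
       {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
        "version": "2.12.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1"}
     ]}
  ]
}
"""

# Constructed advisory record. The affected range is [introduced, fixed);
# the identifier and range are illustrative placeholders, not a real advisory.
ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-0001",
     "group": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]


def parse_version(version):
    """Turn '2.14.1' into a sortable key. Simplified ordering (an assumption of
    this example): numeric dotted parts padded to three fields, and a pre-release
    suffix such as '-beta9' ranks below the bare release with the same numbers."""
    core, _, suffix = version.partition("-")
    nums = [int(p) for p in core.split(".") if p.isdigit()]
    while len(nums) < 3:
        nums.append(0)
    return (tuple(nums), 0 if suffix else 1)


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed under the simplified ordering."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def walk_components(components):
    """Yield every component, recursing into nested (transitive) components."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))


def find_affected_components(sbom_json, advisories):
    """Return one finding per (component, advisory) match, with the fixed version
    so the result doubles as a remediation list."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in walk_components(sbom.get("components", [])):
        for adv in advisories:
            same_package = (comp.get("group") == adv["group"]
                            and comp.get("name") == adv["name"])
            if same_package and is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({
                    "advisory": adv["id"],
                    "purl": comp.get("purl"),
                    "version": comp["version"],
                    "fixed_in": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in find_affected_components(SBOM_JSON, ADVISORIES):
        print(f"{finding['advisory']}: {finding['purl']} -> upgrade to {finding['fixed_in']}")
```

Run against the constructed SBOM, this flags the top-level 2.14.1 and the transitive 2.12.1 copies of log4j-core and leaves the patched 2.17.1 alone. In a real program the SBOM would come from your build pipeline and the advisory records from a vulnerability feed, and the version comparator would need to follow the package ecosystem's own rules.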
Ben Herzberg, Vice-President at Satori Cyber, shared his take on the problems new businesses have with preventing zero-day attacks.
“New businesses are, generically speaking, in growth mode. And lean. These two factors can cause neglect of security and compliance. This can lead to more excessive security risks, both known and zero-day.”
Now that you know where some of the problems lie, peruse expert advice about preventing zero-day attacks.
Condon highlighted the importance of businesses understanding the dangers cyber attacks pose.
Senior Manager, Security Research, Rapid7
“Maybe you're a cloud-first company that needs to tailor its deployment and scanning rules to prevent misconfigurations that expose data or run up high bills,” she said. “Maybe you're a retail company whose point-of-sale (POS) systems are targeted during the holiday season or a streaming company living in a 99.999% uptime world where denial-of-service attacks are a business catastrophe.”
“Understanding which types of risks have the highest impact on your business allows you to build a security program where goals and metrics are customized to your needs and where you can more easily communicate progress and priorities to non-security stakeholders across your organization.”
Adding to this, Herzberg stressed the importance of building an incremental plan that addresses threats by risk factor.
“You will probably not be able to lower your risk to 0%. It is, therefore, important to prioritize high-risk areas...Building great security around the sensitive data you have is more important than that of generic log data.”
Ben Herzberg
Vice-President, Satori Cyber
“Businesses need to get their basics covered first,” said Nicoletti.
Here are some suggestions from Nicoletti for businesses to get their basics right.
Adding to this, Wisseman pointed out that the advice provided by the Cybersecurity and Infrastructure Security Agency (CISA) in its Shields Up program is great for companies of all sizes that want to improve their resilience.
“It is important to make sure that there are multiple layers of security,” Herzberg said. “For example, if an endpoint is compromised, which may be as a result of a zero-day exploit that’s out of your control, think about how you make sure the damage is contained and will not lead to compromising all your platforms.” A layered approach ensures that an attacker penetrating one layer of defense will be stopped by a subsequent layer.
Tip: Use a web application firewall tool to scan all your incoming network traffic to find threats in real time.
Hadjy called these capabilities “foundational,” and went on to say, “Many technologies, such as using a cloud security posture management tool and cloud identities and entitlements management (CIEM), can help you improve your patch management capabilities and are highly recommended.”
G2 cybersecurity analyst Sarah Wallace also called attention to the importance of having updated cybersecurity software. “Cyber criminals know a lot of organizations have dated, legacy security software so it's an easy target for them,” said Wallace.
Related: Learn how to make security incident response less chaotic with an incident response plan.
Hadjy emphasized improving incident response strategy with frequent simulations and tests. “Have a solid plan in place, and practice, practice, practice!”
Hadjy explained to us that holding simulations such as tabletop exercises is the best way to see how well your incident response plans work and to identify areas of improvement.
“You may not be able to control when or how you get attacked, but you can control many parts of your response when it happens,” he said. He also stressed the need to cultivate and promote a strong cybersecurity culture.
“Dealing with a zero-day attack is, in almost every way, the same as dealing with any other cyber attack. You have to respond to a situation you did not expect, and you often have very little information to go on.”
Paul Hadjy
CEO & Co-founder, Horangi Cyber Security
“Ensure that your entire organization is educated and stays vigilant against potential threats like phishing. Provide tools and channels for employees to flag and report phishing attempts and threats,” Hadjy said.
“If employees learn from day one that security is not an obstacle that needs to be bypassed, but a business enabler, it makes a huge difference in their behavior for the years to come,” said Herzberg.
To conclude, Nicoletti left us with this guidance. “Change your mindset from detection to prevention as you must stop zero days in their tracks.”
Different security solutions help detect and defend against zero-day threats and other cybersecurity vulnerabilities and attacks. You can use a combination of these tools based on your needs to strengthen your business’s security posture.
Patch management solutions ensure your tech stack and IT infrastructure are up to date. Organizations utilize this tool to
Tip: You can use vulnerability scanners or black box scanners to fix known vulnerabilities.
More advanced than traditional vulnerability management tools, risk-based vulnerability management software identifies and prioritizes vulnerabilities based on customizable risk factors. Companies can use this tool to
Tools like attack surface management software can also be used to scan for and remediate vulnerabilities.
Security risk analysis software monitors IT stacks, including networks, applications, and infrastructure, to identify vulnerabilities. Businesses use this solution to
Intrusion detection and prevention systems are also useful for knowing about suspicious activities, malware, socially engineered attacks, and other web-based threats.
Threat intelligence software provides information on the newest cyber threats, be it zero-day attacks, new malware, or exploits. Organizations use threat intelligence software to
Security information and event management (SIEM) combines the functions of security information management software and security event management software. The solution provides a single platform for real-time security log analysis, investigation, anomaly detection, and threat remediation. Businesses can use SIEM to
Incident response tools are usually the last line of defense against cyber threats. They are used to remediate cybersecurity issues as they arise, in real time. Businesses use the solution to
SOAR combines the functionalities of vulnerability management, SIEM, and incident response tools. Organizations use the solution to
Zero-day attacks are, no doubt, increasingly common and difficult to prevent. But you must have your best defenses in place against them. Know the tech stack you have. Maintain a robust security infrastructure for finding and fixing vulnerabilities.
Keep monitoring for anomalies. Make your employees aware of your security policies and the threats you face. Have an incident response plan, and test it regularly. Mitigate and contain an attack if it happens. Follow the best security practices with the security solutions mentioned above, and you’ll be prepared.
Learn more about cybersecurity tools that can protect your company from zero-day threats and other cyber attacks.
Soundarya Jayaraman is a Content Marketing Specialist at G2, focusing on cybersecurity. Formerly a reporter, Soundarya now covers the evolving cybersecurity landscape, how it affects businesses and individuals, and how technology can help. You can find her extensive writings on cloud security and zero-day attacks. When not writing, you can find her painting or reading.