Zero-day exploits and subsequent zero-day attacks are one of the biggest security challenges facing organisations today, and yet they are something that is not well understood by the majority of businesses.
Ultimately, no code is perfect, and therefore any software will have flaws or vulnerabilities, which those with malicious intent will attempt to exploit. Once a loophole or vulnerability has been identified, it can then be used to launch a targeted attack into an organisation, for the purpose of a variety of cyber-crime activities. As they exploit previously unknown vulnerabilities, zero-day attacks provide no opportunity for detection at first, and herein lies the danger. These attacks may remain undetected on corporate networks for days, weeks and even months, during which time they can wreak significant havoc. Understanding what a zero-day exploit is, how zero-day attacks are launched, and what you can do to safeguard your data, is essential in ensuring comprehensive security in today’s world.
“Zero-day exploits are unknown exploits that take advantage of flaws or loopholes that exist within software or hardware, exposing these vulnerabilities to attack. Zero-day attacks occur once a flaw or vulnerability is exploited, with attackers releasing malware before developers are aware of or can create patches to fix the vulnerability. This can create significant problems for organisations, as the attacks typically remain undetected, as they result from an unknown vulnerability. In fact, according to the 2015 Mandiant M-Trends report, the average time to detect such a new attack is 205 days, giving threat actors plenty of time to penetrate, hide and wreak havoc,” says Deon la Grange, regional Manager – sub-Sahara Africa (SSA) at FireEye.
Adds Fred Mitchell, Security Software division manager at DCC: “For software and hardware vendors, such attacks can result in significant reputational damage once the public is made aware of the issue, particularly if a vulnerability has been exploited for a lengthy period. For businesses, the usual threats of malware apply, with all of the dangers of data leaks and compromises. While the effects of a zero-day attack may vary, they generally involve theft of data for sale or other nefarious purposes. In addition, if undetected, attacks will spread laterally through the organisation, making them difficult, time consuming and costly to contain and remediate once detected.”
“Early detection is essential, however, traditional security solutions are unable to detect these types of attacks as there is no patch or signature for them, which means security solutions will not fire alerts. Until the vulnerability is closed and a fix is developed, there will be nothing for traditional security solutions to detect. In addition, once threats are detected, typical security solutions can do little to fix them and the damage caused. Given the damage they cause, however, it is critical that they can be prevented and remediated, which requires a new approach to cyber security. Organisations need proactive, signature-less solutions that are able to detect unknown attacks, based on the characteristics of the attack and vast amounts of intelligence, rather than a malware signature or definition. Security architecture needs to incorporate adaptive defence that is able to continuously detect, prevent, analyse, and respond to threats,” adds la Grange.
Zero-day attacks are part of a growing cyber-crime industry that profits by stealing the valuable data organisations store both on their network and in the cloud. Cyber-crime today has two main characteristics – it is targeted and it is persistent, evading anti-virus and other traditional cyber security efforts and executing a series of activities to perpetrate crimes. Even if a single attack is detected, it is highly likely that other malware from the persistent attack is still present, leaving vulnerabilities open. To counter such threats, it is essential to understand the nature of a zero-day attack, and then implement proactive, adaptive security to detect and prevent this growing cyber problem.