Zero-day attacks, a real headache for cybersecurity.

In the world of cybersecurity, there are certain threats that play on the unknown, and zero-day attacks are one of them. Find out all about this threat.

When we think of attacks in cybersecurity, we probably think mainly of ransomware, phishing or virus attacks. However, there are other types of threats that attack in a different way from the ones we usually know about; zero-day attacks are one of these lesser-known threats, and they are often a problem for cybersecurity teams. Get up to speed!

Zero-day attacks

What are zero-day attacks?

As we have seen in other articles, vulnerabilities within systems allow attackers to gain illegal access to a system, alter its operation or steal data. The task of every cybersecurity researcher is to actively look for such vulnerabilities and fix them before a third party takes advantage of them.

Zero-day vulnerabilities are those that cybercriminals discover within a system or software before the developers do. Since nobody else knows the vulnerability exists, no security patch has been developed; this makes it easy for attackers to exploit it, knowing that there is no defense in place. The resulting attack is the so-called “zero-day attack”.

Are there types of zero-day attacks?

The answer is yes: there are two types of zero-day attacks, targeted and non-targeted attacks.

  • Targeted attacks: normally these attacks are aimed at “high-level” victims such as government agencies, important organizations or any entity with access to systems containing valuable information. They can also be attacks on particular individuals with high status or high socio-economic standing.
  • Non-targeted attacks: these are mainly aimed at small businesses or home networks; they target equipment or software that does not have very advanced security, or whose systems are vulnerable. The main objective is to build massive botnets and use them to cause other kinds of havoc.

How are these attacks created and by whom?

Generally these attacks are prepared through a series of steps, which usually go in the following order:

  • Searching for vulnerabilities: this can range from searching through code to using popular applications as a facade. Alternatively, such vulnerabilities can be bought on the black market.
  • Creating exploit code: attackers create a means to exploit the vulnerability (malware, viruses, spyware, etc.).
  • Investigating affected systems: criminals can use resources such as malware, bots or scanners to investigate which specific systems are affected by the vulnerability found.
  • Attack planning phase: in the case of the targeted attacks mentioned above, attackers organize the information obtained and draw up a plan, evaluating their options to carry out the attack successfully. In non-targeted attacks, on the other hand, they usually skip the planning phase and directly deploy the available resources to penetrate as many devices as possible.
  • Infiltration and attack launch: infiltration occurs when the security barrier of the target system is breached; the code is then executed remotely to carry out the attack.

There are different categories of attackers:

  • Cyberterrorists or hacktivists: this type of attacker usually acts out of ideology, to support a belief or religion; they usually seek to make their attacks visible or to attract media attention in order to send a message about their cause.
  • Corporate espionage: attackers who seek to obtain important information from other organizations in an illicit manner.
  • Cybercriminals: these usually carry out attacks mainly to obtain money or for other economic purposes.
  • Cyberwarfare: occurs when the critical systems of countries in conflict are attacked.

How can zero-day vulnerabilities be fixed?

As zero-day attacks are carried out without the developers’ knowledge, it is difficult to defend against them; however, it is possible to take measures to prevent these attacks:

  • Next-generation antivirus: conventional antivirus software is a useful layer of prevention against zero-day attacks; however, products known as “Next Generation Antivirus (NGAV)” implement additional techniques, such as threat intelligence and machine-learning code analysis, to better protect a device.
  • Patch management: using automated tools to detect which devices or software need patches is a good way to keep defenses up to date and, therefore, stay alert to zero-day attacks.
  • Incident response plan: this is one of the most important resources to take into account, because if an infiltration occurs the entire team is prepared to respond and has a precise plan to follow, reducing lost time and limiting damage.

Two real-life cases of zero-day attacks

One of the biggest cases of a targeted zero-day attack was against Microsoft; in March 2020 the company made public the way in which two separate vulnerabilities were being exploited. These vulnerabilities affected Windows devices, and the attacks took place weeks before a patch was available.

Another case was that of Sophos; in April 2020, zero-day attacks against the Sophos XG firewall were reported. Their goal was to exploit an SQL injection vulnerability in the firewall’s PostgreSQL database server. If successfully exploited, this vulnerability could allow attackers to inject code into the database.

Now that you know a little more about zero-day attacks and vulnerabilities, we hope to have raised more awareness of these types of threats; every day the number of attacks on both high- and low-profile companies increases, and it is everyone’s job to keep our devices safe.
