A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.
Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.’s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.
The following are key signs a company would see when attacked with a zero-day exploit:
- Unexpected (though potentially legitimate-looking) traffic or substantial scanning activity originating from a client or a server
- Unexpected traffic on a legitimate port
- Similar behavior from the compromised client or server even after the latest patches have been applied
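As an added illustration of the first two signs above (this is example code, not part of the original article), here is a small Python triage script that runs two heuristics over a constructed outbound-flow log: one flags a source that touches many distinct destination/port pairs (scanning activity), the other flags a host that initiates traffic on a legitimate service port its role is not expected to use. The host roles, the expected-port baseline, the legitimate-port set and the scan threshold are all assumptions chosen for the example; a real deployment would derive them from its own inventory and traffic baseline.

```python
"""Heuristic triage of the two network indicators above over a constructed flow log."""
from collections import defaultdict

# Constructed sample flow log (not from any real network), one outbound connection
# per line in the form "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>".
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z 10.0.0.20 10.0.0.5 443 tcp",    # workstation browsing the intranet web server
    "2024-05-01T10:00:02Z 10.0.0.5 10.0.0.2 53 udp",      # web server resolving a name
    "2024-05-01T10:00:03Z 10.0.0.5 203.0.113.9 443 tcp",  # web server initiating outbound HTTPS (unexpected)
] + [
    # workstation touching 12 different ports on one host: scanning behaviour
    f"2024-05-01T10:01:{i:02d}Z 10.0.0.20 10.0.0.5 {1000 + i} tcp" for i in range(12)
]

# Assumed asset inventory: which role each host plays (constructed for the example).
HOST_ROLES = {"10.0.0.5": "web-server", "10.0.0.20": "workstation", "10.0.0.2": "dns"}
# Assumed baseline: destination ports each role is expected to *initiate* connections to.
EXPECTED_OUTBOUND = {"web-server": {53}, "workstation": {53, 80, 443}, "dns": {53}}
# Ports that carry legitimate services on this network (assumed).
LEGITIMATE_PORTS = {22, 53, 80, 443}
# Distinct (destination, port) pairs from one source before we call it scanning (assumed).
SCAN_THRESHOLD = 10


def parse_flow(line):
    """Split one log line into a flow record; the port becomes an int."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def detect_scanning(flows, threshold=SCAN_THRESHOLD):
    """Return {src: distinct_targets} for sources at or above the scan threshold."""
    targets = defaultdict(set)
    for f in flows:
        targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(pairs) for src, pairs in targets.items() if len(pairs) >= threshold}


def detect_unexpected_port_use(flows, roles=HOST_ROLES, expected=EXPECTED_OUTBOUND,
                               legit=LEGITIMATE_PORTS):
    """Flag traffic on a legitimate port that the source's role is not expected to initiate.

    Unknown hosts get an empty baseline, so any legitimate-port traffic from them is flagged.
    """
    hits = []
    for f in flows:
        role = roles.get(f["src"], "unknown")
        if f["dport"] in legit and f["dport"] not in expected.get(role, set()):
            hits.append((f["src"], role, f["dst"], f["dport"]))
    return hits


def triage(lines):
    """Parse raw log lines and run both detectors; returns one dict of findings."""
    flows = [parse_flow(line) for line in lines]
    return {
        "scanning": detect_scanning(flows),
        "unexpected_port_use": detect_unexpected_port_use(flows),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_FLOWS).items():
        print(kind, findings)
```

Neither heuristic proves a zero-day is in play; they only surface the behaviour the list describes so it can be investigated. The third sign (the same behaviour persisting after patches) is checked by re-running the same detectors after patching and comparing the findings, which is the point at which the vendor's assistance becomes useful.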
In such cases, it’s best to conduct an analysis of the phenomenon with the affected vendor’s assistance to understand whether the behavior is due to a zero-day exploit.
However, there are a few steps and measures that can help reduce exposure to zero-day-based attacks.
Make Sure Your Operating System Is Updated
If your operating system (OS) is up to date, you’re already at an advantage. Whatever OS you’re running, simply engage with the usual method of checking for updates, and if they’re available, download and install them.
Good preventive security practices are a must. These include installing and keeping firewall policies carefully matched to business and application needs, keeping antivirus software updated, blocking potentially harmful file attachments and keeping all systems patched against known vulnerabilities. Vulnerability scans are a good means of measuring the effectiveness of preventive procedures.
Deploy inline intrusion-prevention systems (IPS) that offer comprehensive protection. When considering an IPS, seek the following capabilities: network-level protection, application integrity checking, application protocol Request for Comment (RFC) validation, content validation and forensics capability.
Update your software.
Another important way of protecting yourself against zero-day attacks is to make sure that you use the most up-to-date version of your software. If software you trust sends you a notice to update your version, do it. If the software update explains that this is a critical update (it may be referred to as a “critical security release” or similar), believe it. The update may include a patch for a recently discovered vulnerability. By updating your software, you immunize yourself against possible future infections through that vulnerability.
Use only updated browsers.
Firefox, Chrome and Internet Explorer all push out automatic updates of their browsers on a regular basis. These updates, which often include patches to newly discovered vulnerabilities, generally take place in the background. The updates are installed when you close and reopen your browser, and won’t disturb your use of the browser at all.
Use a Password Manager
For some reason, password managers still haven’t taken off. We’ve seen again and again that people just don’t know how to create a password that cannot be guessed. Perhaps they’re too lazy or busy to change from “qwerty” to something far more secure yet memorable. Alternatively, perhaps they believe that by choosing a simple password, they’re double bluffing the criminals.
Never install unnecessary software
Each piece of software installed on your system is a potential point of entry for a zero-day exploit. It’s recommended that you review the list of installed software once in a while and uninstall anything you no longer use.
Planned incident response
Even with the above measures, a company can get infected with a zero-day exploit. Well-planned incident-response measures, with defined roles and procedures including prioritization of mission-critical activities, are crucial to minimizing the business damage.
Zero-day exploits are a challenge for even the most vigilant systems administrator. However, having the proper safeguards in place can greatly reduce the risks to critical data and systems.