How to Protect Your Company From Zero-Day Attacks

A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.’s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.

The following are key signs a company would see when attacked with a zero-day exploit:

  • Unexpected traffic that appears legitimate, or substantial scanning activity, originating from a client or a server
  • Unexpected traffic on a legitimate port
  • Similar behavior from the compromised client or server even after the latest patches have been applied
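As an added example, not from the original article, the first two signs above expressed as detection logic run over constructed connection records. The `service` labels and the port-to-protocol table are assumptions standing in for whatever a network sensor provides.

```python
from collections import defaultdict

# Constructed connection records (not from the article): (src, dst, dst_port, service)
# "service" is the application protocol a network sensor labelled on the flow;
# "unknown" means the sensor could not identify it.
SAMPLE_LOG = [
    # 10.0.0.5 touches twelve internal hosts on 445 in quick succession: scan-like
    *[("10.0.0.5", f"10.0.1.{i}", 445, "smb") for i in range(1, 13)],
    # ordinary client traffic, including a repeat that must not inflate the count
    ("10.0.0.7", "10.0.1.20", 443, "tls"),
    ("10.0.0.7", "10.0.1.20", 443, "tls"),
    ("10.0.0.7", "10.0.1.21", 80, "http"),
    # a host speaking something unidentified on 443: legitimate port, unexpected content
    ("10.0.0.9", "203.0.113.5", 443, "unknown"),
]

# Assumption: the protocols the business expects to see on each exposed port.
EXPECTED_SERVICE_ON_PORT = {22: {"ssh"}, 80: {"http"}, 443: {"tls"}, 445: {"smb"}}


def find_scanners(records, threshold=10):
    """Sources that reached more than `threshold` distinct (host, port) targets."""
    targets = defaultdict(set)
    for src, dst, port, _service in records:
        targets[src].add((dst, port))
    return sorted(src for src, seen in targets.items() if len(seen) > threshold)


def find_unexpected_port_use(records):
    """Flows whose identified service is not one the port is expected to carry."""
    hits = []
    for rec in records:
        _src, _dst, port, service = rec
        allowed = EXPECTED_SERVICE_ON_PORT.get(port)
        if allowed is not None and service not in allowed:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for src in find_scanners(SAMPLE_LOG):
        print(f"scan-like activity from {src}")
    for src, dst, port, service in find_unexpected_port_use(SAMPLE_LOG):
        print(f"unexpected {service!r} traffic {src} -> {dst}:{port}")
```

Either hit on its own is only a lead; the article's third sign, the same behaviour persisting after patching, is what separates a zero-day from a known, unpatched issue.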

In such cases, it’s best to conduct an analysis of the phenomenon with the affected vendor’s assistance to understand whether the behavior is due to a zero-day exploit.

However, there are a few steps and measures that can help reduce exposure to zero-day attacks.

Make Sure Your Operating System Is Updated

If your operating system (OS) is up to date, you’re already at an advantage. Whatever OS you’re running, simply engage with the usual method of checking for updates, and if they’re available, download and install them.

Prevention

Good preventive security practices are a must. These include installing and keeping firewall policies carefully matched to business and application needs, keeping antivirus software updated, blocking potentially harmful file attachments and keeping all systems patched against known vulnerabilities. Vulnerability scans are a good means of measuring the effectiveness of preventive procedures.

Real-time protection

Deploy inline intrusion-prevention systems (IPS) that offer comprehensive protection. When considering an IPS, seek the following capabilities: network-level protection, application integrity checking, application protocol Request for Comment (RFC) validation, content validation and forensics capability.

Update your software

Another important way of protecting yourself against zero-day attacks is to make sure that you use the most updated version of your software. If software you trust sends you a notice to update your version, do it. If the software update explains that this is a critical update (it may be referred to as a “critical security release” or similar), believe them. The update may include a patch to a recently discovered vulnerability. By updating your software, you immunize yourself against possible future infections through that vulnerability.

Use only updated browsers

Firefox, Chrome and Internet Explorer all push out automatic updates of their browsers on a regular basis. These updates, which often include patches to newly discovered vulnerabilities, generally take place in the background. The updates are installed when you close and reopen your browser, and won’t disturb your use of the browser at all.

Use a Password Manager

For some reason, password managers still haven’t taken off. We’ve seen again and again that people just don’t know how to create a password that cannot be guessed. Perhaps they’re too lazy or busy to change from “qwerty” to something far more secure yet memorable. Alternatively, perhaps they believe that by choosing a simple password, they’re double bluffing the criminals.

Never install unnecessary software

Each piece of software installed on your system is a potential entry point for a zero-day exploit. It’s recommended that you review the list of installed software once in a while and uninstall anything you no longer use.

Planned incident response

Even with the above measures, a company can get infected with a zero-day exploit. Well-planned incident-response measures, with defined roles and procedures including prioritization of mission-critical activities, are crucial to minimizing the business damage.

Zero-day exploits are a challenge for even the most vigilant systems administrator. However, having the proper safeguards in place can greatly reduce the risks to critical data and systems.

Protect Your Android Device From Malware

The adoption rate of mobile devices continues to soar, with Android leading the way. The open-source operating system that is led by Google is now found on more than half of all smartphones. This massive user base has caught the attention of cybercriminals, who have begun to double down on their efforts to illegally obtain personal information from Android owners. While most mobile malware is found in countries like Russia and China, users from Europe and the United States aren’t completely immune.

There are a few simple steps you can take to avoid getting your data locked up in an encrypted jail.

  1. App source

Only download apps from trustworthy sources like the Google Play Store. Be wary of any site that allows you to download paid apps for free.

  2. App permissions

Even when downloading from the Google Play Store you need to be careful. Check the permissions the app asks for. Often, apps that include malware will ask for a lot of permissions so that they can quickly gain control of all of your phone’s data.

  3. Settings

Google includes numerous settings in the Android operating system that can prevent malicious attacks. Devices running Android 2.2 or higher, which essentially means nearly all Android devices, have access to Google’s malware scanner. Prior to installing an application you downloaded outside of the Play Store, Google will scan the app and warn you of any potential threats.

  4. Software updates

While this may not be an option for most users, if there is an update for your device make sure you download and install it. Manufacturers, carriers, and Google are constantly pushing out updates with bug fixes, enhancements, and new features that can make your device more secure.

  5. Antivirus apps

The Google Play store is also home to hundreds of antivirus apps that can offer an extra layer of protection. Companies like Avast, AVG, BitDefender, Kaspersky, Sophos, Symantec (Norton), and TrendMicro have long and established histories as some of the most trusted brands in the industry.

  6. Back up your data

Keep your device backed up. You can do this:

  • On your computer.
  • Using a cloud-based backup service like Google Drive.
  • On portable storage such as a USB pen drive or an external hard disk.

Tips on Android ransomware removal

The instructions provided below should help you to remove Android ransomware as well:

Reboot your phone into Safe Mode:

  • Find the power button and then press it for a few seconds until you see a menu. Click Power off.
  • When a dialog appears offering to reboot your Android device into Safe Mode, select this option and press OK.
  • If this did not work, turn your device off and back on. As it starts, try pressing and holding Menu, Volume Down, Volume Up, or both volume buttons together to enter Safe Mode.

Uninstall malicious and/or any suspicious and unknown apps:

  • When in Safe Mode, go to Settings. Then, click on Apps or Application manager (this may differ depending on your device).
  • Here, look for the previously-mentioned suspicious app(s) and uninstall them all.

Modern malware threats are evolving all the time, but taking these steps will make it much harder for hackers to gain control of your data. Most of the time, cyber criminals are looking to take advantage of silly mistakes that people make every day. Stay vigilant and 99% of the time you’ll stay safe!