WHAT IS A ZERO-DAY EXPLOIT?
It is often said that the world of cybersecurity is an ever-changing one, and we have found that statement to be correct. Attackers are resourceful and are always looking for new ways to exploit existing systems. Thankfully, there are plenty of equally capable people working to stop them, but they face one hard limit: they have to know about a threat before they can act. Zero-day exploits sit right at that limit, which makes them some of the hardest attacks to deal with, so let’s explore the topic a little further.
WHAT IS A ZERO-DAY EXPLOIT?
A zero-day exploit is an attack that uses a software flaw the vendor does not yet know about, or knows about but has not yet fixed. Have you ever wondered why your favorite software needs to update itself so often? Mostly it is because vendors are constantly patching gaps and loopholes created by bugs or flaws in their code. Practically all software contains such flaws, so all of it requires regular updates. The gap between a flaw being found and a fix being installed is exactly what a zero-day attack takes advantage of, and attackers have become very good at finding and using that gap.
When a security flaw or vulnerability is discovered, the vendor will normally go to work on a patch immediately. Nobody wants to be held responsible for damage caused by a known bug, so vendors are usually quick about that kind of thing. However, it still takes time to build, test and distribute a patch, and then more time for users to install it, which leaves attackers a window in which the same method keeps working. The name comes from that window: “day zero” is the day the vendor learns of the problem, meaning it has had zero days to fix it. A zero-day vulnerability is therefore one for which no fix is yet available, and attacks that exploit it are still called zero-day attacks until the patch ships; once a patch exists, a successful attack is really a failure to apply it.
THE TWO TYPES OF ZERO-DAY ATTACKS
These kinds of attacks are usually classified into one of two categories: Targeted and non-targeted. Targeted attacks, as the name tells us, go after specific groups or individuals. Usually, these will be high-profile targets, as those have the potential for greater gain. This might include large companies, non-profit organizations, online communities, or even government targets.
Non-targeted attacks are a little harder to pin down. They usually involve software used by large numbers of people, such as word processors, common operating systems like Windows, or common browsers like Firefox or Chrome. These attacks are typically launched to build large botnets, which can then be used to attack and infect other computers. Here the attacker is casting a wide net in the hope of catching as many victims as possible.
EXAMPLES OF ZERO-DAY EXPLOITS
ATTACK ON MICROSOFT WINDOWS, JUNE 2019
In June 2019, researchers at ESET identified an attack targeting Eastern Europe that used a previously unknown local privilege escalation vulnerability in Microsoft Windows. A local privilege escalation flaw does not get an attacker onto a machine; it lets code that is already running as an ordinary user gain higher privileges.
Since a patch is the only real fix in such scenarios, once ESET reported the flaw, Microsoft’s security response center took responsibility for correcting it.
The exploit itself was delivered by malware, and malware of this kind usually reaches victims through phishing emails and messages aimed at people likely to fall for them. In effect, Microsoft had inadvertently left one door open, and the attackers took advantage of it.
Another zero-day example hit Microsoft Windows in February 2019 and was detected by Kaspersky’s Automatic Exploit Prevention (AEP) technology. It came before the June 2019 exploit described above, and it was the fourth win32k.sys zero-day the researchers had caught in use; the June attack then exploited that same driver again.
The discovery was possible thanks to endpoint technologies such as AEP and a behavioral detection engine (BDE), which flag what an exploit does on the machine rather than relying on a signature for a bug nobody knows about yet. An anti-malware engine was also used to determine whether the delivery was a phishing attempt.
A patch was released promptly. Even so, attackers kept going after the same driver, as the June attack shows.
ATTACK ON GOOGLE ANDROID, 2019
This attack affected Google’s Android devices through a kernel privilege escalation vulnerability. Google’s Threat Analysis Group (TAG) was the first to identify that it was being exploited. The exploit was delivered through malicious apps, which the attackers pushed to victims with phishing emails urging them to download them.
Google announced that a patch would be released in its November update to resolve the issue.
THE DNC HACK
The 2016 breach of the Democratic National Committee (DNC) is one of the best-known attacks in which zero-days played a part. The state-backed Russian hackers behind it had been seen using about six zero-day vulnerabilities in Adobe Flash, Microsoft Windows, and Java, and that access is how the stolen data was obtained. To put those vulnerabilities to use, the hackers ran a spear-phishing campaign.
Unlike an ordinary phishing campaign, which is sent to the general public, this spear-phishing campaign targeted specific individuals. The hackers sent people connected to the DNC emails containing booby-trapped links to phishing pages that stole passwords. The links were hidden behind bit.ly and tiny.cc URL shorteners; anyone who clicked surrendered control of their personal computer, and with it the DNC network, to the attackers.
DEALING WITH A ZERO-DAY EXPLOIT
Unfortunately, this kind of attack is very hard to counter. As we said at the outset, you can’t guard against a specific threat that is completely unknown. Good security hygiene and prompt updating still help, because they shrink the window and limit what an exploit can reach, so you should always do those things. Even so, you cannot count on preventing a true zero-day outright. Network and endpoint monitoring can detect the side effects of an attack (unexpected connections, unusual child processes, sudden privilege changes) even when the bug itself is unknown, but there is no guarantee on that sort of thing.
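As an added illustration of what such monitoring can catch (example code written for this page, not PCH Technologies’ tooling, and the same idea as the behavioral detection mentioned in the Windows examples above), the script below runs two behavior-based checks over a constructed batch of process-creation events written in a simplified Sysmon-style key=value format: a document or mail application spawning a shell or script host, and a child process running at a higher Windows integrity level than its parent without going through a known elevation broker. Neither check needs to know which bug was exploited, which is the point when the bug is a zero-day. The process names, integrity levels, broker list and log lines are all constructed for the example.

```python
"""Behavior-based checks over process-creation events.

Added example, not PCH Technologies' code. The log format below is a
constructed, simplified stand-in for Sysmon/EDR process-create records.
"""
from dataclasses import dataclass
from typing import Dict, List

# Windows integrity levels, least to most privileged (unknown levels rank as 0).
INTEGRITY_RANK = {"low": 0, "medium": 1, "high": 2, "system": 3}

# Applications that open untrusted content (documents, mail, web pages).
CONTENT_HANDLERS = {"winword.exe", "excel.exe", "outlook.exe",
                    "acrord32.exe", "chrome.exe", "firefox.exe"}

# Shells and script hosts that exploit payloads commonly launch next.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Legitimate brokers through which a process gains a higher integrity level
# (UAC consent prompt, service control manager). A jump without one of these
# as the parent is what a local privilege escalation exploit looks like.
ELEVATION_BROKERS = {"consent.exe", "services.exe", "svchost.exe"}


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    integrity: str


def parse_event(line: str) -> ProcEvent:
    """Parse one 'pid=.. ppid=.. image=.. integrity=..' line (constructed format)."""
    fields = dict(token.split("=", 1) for token in line.split())
    return ProcEvent(int(fields["pid"]), int(fields["ppid"]),
                     fields["image"].lower(), fields["integrity"].lower())


def detect(lines: List[str]) -> List[str]:
    """Return one alert string per suspicious event, in log order."""
    events = [parse_event(line) for line in lines if line.strip()]
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    alerts: List[str] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue  # parent not in this batch; nothing to compare against
        # Check 1: a content handler spawning a shell or script host.
        if parent.image in CONTENT_HANDLERS and e.image in SUSPICIOUS_CHILDREN:
            alerts.append(f"suspicious-child: {parent.image} (pid {parent.pid}) "
                          f"spawned {e.image} (pid {e.pid})")
        # Check 2: integrity level rose without a legitimate elevation broker.
        if (INTEGRITY_RANK.get(e.integrity, 0) > INTEGRITY_RANK.get(parent.integrity, 0)
                and parent.image not in ELEVATION_BROKERS):
            alerts.append(f"privilege-jump: {e.image} (pid {e.pid}) runs at "
                          f"{e.integrity} but parent {parent.image} is {parent.integrity}")
    return alerts


# Constructed sample: a phishing document spawns cmd.exe, which then obtains a
# SYSTEM-integrity child without passing through consent.exe or a service.
SAMPLE_LOG = """
pid=700 ppid=600 image=services.exe integrity=system
pid=812 ppid=700 image=svchost.exe integrity=system
pid=3300 ppid=2100 image=explorer.exe integrity=medium
pid=4120 ppid=3300 image=winword.exe integrity=medium
pid=4388 ppid=4120 image=cmd.exe integrity=medium
pid=4402 ppid=4388 image=powershell.exe integrity=system
pid=5010 ppid=812 image=consent.exe integrity=system
pid=5022 ppid=5010 image=mmc.exe integrity=high
""".strip().splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the script raises two alerts: winword.exe spawning cmd.exe, and powershell.exe appearing at system integrity under a medium-integrity parent. The legitimate consent.exe path to the elevated mmc.exe produces nothing, which is why the broker list matters; in a real deployment it would be tuned to the environment’s own elevation paths rather than this constructed set.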
In many cases, the only immediate option is to disconnect the affected device from the internet until a patch can be issued and installed. If that is not possible, tighten your firewall settings so that only the most essential connections are allowed, in both directions. If a website is affected, you might simply have to accept some downtime; routing its traffic through a proxy that can filter requests may let you deal with the issue temporarily.
This is another example of why everyone needs to practice good data backup. The loss of data is one of the most common effects of a cyberattack, but it is also one of the easiest to fix. If you have a recent backup that has not itself been compromised (keep at least one copy offline or otherwise out of reach of the affected system), you can restore and move on as if nothing happened. As a preventive measure, get in the habit of storing your most sensitive data on a device that is not connected to the internet.
In the end, the most important thing is to report what has happened. Give your information to the company that made the affected software or hardware, since that is what starts the clock on a patch. Depending on the severity of the breach, you might also want to notify the authorities. Until someone reports a zero-day exploit, there is little chance of a fix for anyone.
This is definitely one of the most difficult cyber-threats to counter, but the picture isn’t entirely bleak. Once reported, these vulnerabilities usually do not stay unpatched for long, so you can often wait out the problem until a fix is released. Even so, it pays to be vigilant about your network security at all times. If you would like to know more, please feel free to contact PCH Technologies at any time. We offer excellent computer IT services, including small business computer support services. We can be reached at (856) 754-7500.