On average it takes seven years for a zero-day exploit to be discovered. That means attackers can spy on businesses and organisations through security gaps in their applications over a period of seven years. The economic damage this can bring about is enormous.

This makes it all the more important for businesses to take their IT security seriously and to take measures to protect themselves from such attacks.

What is a zero-day exploit?

The term “zero-day exploit” comes from the fact that a business has zero days to close a security gap before it becomes a danger: generally, the company only notices the weak point in its software after the damage has been done. Attackers will often have found and used the gap long before it is discovered, planting spyware or malware with the help of rootkits, Trojans and other tools.

Definition

Zero-day exploits are hacker attacks in which attackers take advantage of a security gap in software before businesses recognise it and have a chance to program a patch for the weak point.

Chronology of a zero-day exploit:

  1. The developer programs software and writes code that inadvertently contains a weak point (zero-day vulnerability) via which attackers can take information or manipulate systems.
  2. An attacker finds the weak point before it becomes apparent to the company. Instead of notifying the company about the error, the hacker writes code (called an exploit) to take advantage of the gap. The hacker may not use the code himself, but rather sell it on the black market, where he can get up to several thousand pounds for it.
  3. The company becomes aware of the zero-day exploit, whether by chance, customer feedback or a damage report. Only now can developers create a security patch to close the gap. But the damage is (most likely) already done.

Who is most at risk?

Gateways for exploits are mostly applications from major digital companies like Google, Apple and Microsoft. Microsoft, in particular, is a common target for zero-day attacks. This means that essentially all companies that use software from these providers are at risk.

The risk of falling victim to a zero-day exploit increases for businesses as they become more successful, because they more readily attract the attention of cybercriminals. However, small businesses in very competitive industries can also become targets of exploits that are regularly used in industrial espionage.

Tip

Since 2014, Google has maintained a list of the largest known zero-day exploits. Microsoft, Apple, Facebook, Adobe, Mozilla and many others appear on the “0day – in the Wild” list.

What makes a zero-day exploit particularly dangerous?

Zero-day cyberattacks are particularly dangerous because the hackers have a time advantage over their victim. Months and years could go by with attackers spying on companies and going unnoticed.

Signature-based anti-virus software doesn’t recognise these exploits because the attack patterns are unknown and so aren’t present in its database. When the weak point is finally found, the affected companies are unable to react immediately, but have to wait for developers to publish a security patch for the affected software. Only once this patch has been installed is security restored.

If the software manufacturer publishes a patch that, for whatever reason, is not installed by the company, the security gap remains.

Note

In addition to the black market, some hackers offer zero-day exploits for sale to software manufacturers to enable them to secure their products.

How can companies effectively protect themselves from zero-day exploits?

Protection from zero-day exploits is difficult, but security measures can minimise the probability of them causing damage, even if an attack does take place.

While traditional anti-virus software isn’t effective against zero-day exploits because the virus signature is unknown, behaviour-based security solutions can provide effective help. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) monitor data movements and data access in the company with the help of algorithms and heuristics, and produce warning signals if anomalies are detected. Some of them automatically take countermeasures.
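As an added illustration of the behaviour-based approach described above (this is example code written for this article, not a product from any vendor named here), the following script learns a per-process baseline from a window of constructed “normal” activity log lines and then flags later events that deviate from it: a process performing an action type it never performed before, a new network destination, access to a sensitive path, or a transfer volume far above its usual level. No attack signature is needed. The log line format, the sensitive-path list and the thresholds are assumptions chosen for the example.

```python
"""Behaviour-based anomaly detection over constructed process activity logs.

Added example, not part of the original article. Learns what each process
normally does from a baseline window and warns on deviations, without any
signature of a known attack. Log format, thresholds and sensitive paths are
assumptions made for this illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline log lines (assumed format: "time process action target bytes").
BASELINE_LOG = """\
09:00:01 winword.exe file C:\\Users\\alice\\Documents\\q1.docx 120
09:00:05 winword.exe file C:\\Users\\alice\\Documents\\q2.docx 98
09:01:10 outlook.exe net mail.example.internal:443 4100
09:01:12 outlook.exe net mail.example.internal:443 3900
09:02:00 chrome.exe net www.example.org:443 52000
09:02:30 chrome.exe net cdn.example.org:443 61000
09:03:00 winword.exe file C:\\Users\\alice\\Documents\\q3.docx 140
"""

# Constructed later activity to be scored against the baseline.
NEW_LOG = """\
10:15:00 winword.exe net 203.0.113.7:8443 5000
10:15:02 winword.exe file C:\\Windows\\System32\\drivers\\etc\\hosts 60
10:16:00 chrome.exe net www.example.org:443 58000
10:17:00 outlook.exe net mail.example.internal:443 950000
"""

SENSITIVE_PREFIXES = ("C:\\Windows\\System32",)  # assumed sensitive locations
ZSCORE_LIMIT = 3.0   # flag transfers more than 3 standard deviations above baseline
MIN_STDDEV = 1.0     # floor so near-constant baselines do not divide by zero


def parse(log_text):
    """Yield (timestamp, process, action, target, nbytes) from the assumed line format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proc, action, target, nbytes = line.split()
        yield ts, proc, action, target, int(nbytes)


def build_profile(baseline_text):
    """Learn each process's normal action types, targets, byte volumes and sensitive-path use."""
    profile = defaultdict(lambda: {"actions": set(), "targets": set(),
                                   "bytes": defaultdict(list), "sensitive": False})
    for _, proc, action, target, nbytes in parse(baseline_text):
        p = profile[proc]
        p["actions"].add(action)
        p["targets"].add(target)
        p["bytes"][action].append(nbytes)          # volumes kept per action type
        if action == "file" and target.startswith(SENSITIVE_PREFIXES):
            p["sensitive"] = True
    return profile


def zscore(samples, value):
    """Standard score of value against samples; None when there is too little history."""
    if len(samples) < 2:
        return None
    sd = max(pstdev(samples), MIN_STDDEV)
    return (value - mean(samples)) / sd


def detect(profile, new_text):
    """Return (timestamp, process, reason) warnings for events that deviate from the baseline."""
    warnings = []
    for ts, proc, action, target, nbytes in parse(new_text):
        if proc not in profile:
            warnings.append((ts, proc, "unknown process"))
            continue
        p = profile[proc]
        if action not in p["actions"]:
            warnings.append((ts, proc, f"never seen doing '{action}' before (target {target})"))
        elif action == "net" and target not in p["targets"]:
            warnings.append((ts, proc, f"new network destination {target}"))
        elif action == "file" and target.startswith(SENSITIVE_PREFIXES) and not p["sensitive"]:
            warnings.append((ts, proc, f"sensitive path access {target}"))
        z = zscore(p["bytes"].get(action, []), nbytes)
        if z is not None and z > ZSCORE_LIMIT:
            warnings.append((ts, proc, f"transfer of {nbytes} bytes is {z:.1f} std devs above baseline"))
    return warnings


if __name__ == "__main__":
    for ts, proc, reason in detect(build_profile(BASELINE_LOG), NEW_LOG):
        print(f"[WARN] {ts} {proc}: {reason}")
```

Run against the constructed logs, the detector raises three warnings: a word processor opening a network connection it never made before, the same process reading a system file, and a mail client suddenly sending hundreds of times its usual volume. The browser's ordinary traffic passes unflagged. A real IDS/IPS works on far richer telemetry and tuned thresholds, but the principle is the same: deviation from learned behaviour, not a known signature, triggers the alert.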

Businesses can reduce the danger of data misuse by implementing encryption, authorisation systems and checks.

Because any software could be the target of an exploit attack, the number of applications installed should be kept to a minimum. Companies should always use the most current version of any software and update it regularly (including available security updates). Applications that are not used should be removed from computers.
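The three measures above (minimise installed software, keep it current, remove what is unused) can be turned into a repeatable audit. The following script, added here as an example and not taken from the article or any product, checks a constructed software inventory against a latest-version feed and a last-used date. It compares versions numerically rather than as strings, since a plain string comparison would wrongly rank "16.0.9" above "16.0.10". The inventory, the 90-day “unused” threshold and the reference date are assumptions.

```python
"""Audit an installed-software inventory for outdated and unused applications.

Added example, not part of the original article. The inventory entries, the
latest-version values and the thresholds are constructed for illustration;
in practice they would come from an endpoint agent and a vendor version feed.
"""
from datetime import date

# Constructed inventory: what is installed, what the vendor currently ships, when last launched.
INVENTORY = [
    {"name": "OfficeSuite", "installed": "16.0.9",  "latest": "16.0.10", "last_used": date(2024, 5, 28)},
    {"name": "PdfReader",   "installed": "2.1",     "latest": "2.1.3",   "last_used": date(2024, 1, 10)},
    {"name": "Browser",     "installed": "124.0",   "latest": "124.0",   "last_used": date(2024, 5, 31)},
    {"name": "LegacyTool",  "installed": "3.2.1",   "latest": "3.2.1",   "last_used": date(2023, 11, 15)},
]

UNUSED_AFTER_DAYS = 90   # assumed policy: remove applications idle longer than this


def parse_version(text):
    """Turn '16.0.10' into (16, 0, 10) so that comparison is numeric per component."""
    return tuple(int(part) for part in text.split("."))


def audit(inventory, today, unused_after_days=UNUSED_AFTER_DAYS):
    """Return (name, finding, detail) tuples for outdated and unused applications."""
    findings = []
    for app in inventory:
        installed, latest = parse_version(app["installed"]), parse_version(app["latest"])
        if installed < latest:   # tuples compare component by component; (2,1) < (2,1,3)
            findings.append((app["name"], "outdated",
                             f"{app['installed']} installed, {app['latest']} available"))
        idle_days = (today - app["last_used"]).days
        if idle_days > unused_after_days:
            findings.append((app["name"], "unused",
                             f"last used {idle_days} days ago; candidate for removal"))
    return findings


if __name__ == "__main__":
    for name, finding, detail in audit(INVENTORY, today=date(2024, 6, 1)):
        print(f"{finding.upper():9} {name}: {detail}")
```

Each finding maps to one of the measures in the text: “outdated” entries need the available update applied, and “unused” entries are attack surface that can simply be removed. Passing the reference date explicitly keeps the audit reproducible in a scheduled job and in tests.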

These measures can’t prevent an attack, but they can significantly reduce the risk of suffering financial damage through a zero-day exploit.
