Zero-day attacks. Zero what now?
What the hell are zero-days and why you should care
Cybersecurity researchers and journalists often describe hacking incidents as “zero-day attacks” or “zero-day vulnerabilities”, and sometimes mention “n-day attacks” as well.
Here’s what zero-day attacks are, and why they’re some of the most dangerous attacks you can encounter.
Zero days to react
In your day-to-day activities, you’re likely using all sorts of software: from Microsoft Word and Excel for productivity, to Slack, Teams, or Telegram for communications.
Depending on the industry you’re in, you could be using different tools - for inventory management, business analytics, customer support - you catch my drift.
The sad reality is that all of this software is flawed. Seriously, there is probably not a single piece of software out there that is 100% secure, hack-proof, invulnerable to anything and everything.
So, the race between the good guys and the bad guys is always on. Both sides are actively hunting for vulnerabilities (Google, Meta, Amazon, they all have dedicated teams, plus bug bounty programs to reward third-party researchers), and a vulnerability is called “zero-day” or “n-day” depending on who finds it first.
If cybercriminals find a flaw first and start exploiting it, it is dubbed “zero-day” because the software’s development and security team has had zero days to address it before hackers started abusing it. In other words, any bug that was discovered, and abused, by cybercriminals first is called a zero-day flaw.
The opposite are n-day flaws which, as you can probably figure out by now, are bugs that developers already knew about and have had n days to address. Whether or not the bug was actually fixed before criminals exploited it doesn’t matter at this point.
The dangers of zero-day flaws
Since the flaws are unknown to both the vendor and the public, this makes them incredibly potent:
- Users will have no defenses in place, leaving their systems exposed
- An undefended system means the attacks will be highly effective
- While usually gravitating towards high-value targets (governments, corporations, critical infrastructure), hackers are known for exploiting zero-days against whoever they can
- Zero-day attacks can spread rapidly, as attackers will want to maximize the surprise element before the flaw is fixed
How to protect against zero-days
At first, it might seem there’s not much you can do about zero-days, and that it’s up to software vendors and major security teams to defend the tools you’re using.
However, there are ways to protect yourself. Here is what I would do:
- Use only necessary software and hardware: If you’re not using it, remove it. Unused tools usually end up unmanaged and behind on patches, creating a perfect storm for a cybercriminal
- Disable macros and untrusted scripts: Many zero-day attacks use malicious macros in documents or JavaScript exploits in browsers. Disable these unless absolutely necessary
- Restart your devices regularly: Many zero-day exploits exist only in the device’s memory and therefore disappear after you restart it
- Run a firewall: Zero-day vulnerabilities in your software will do little harm if suspicious traffic is blocked before it reaches internal systems
- Use a Web Application Firewall (WAF) if you’re running a website: It will help block malicious requests that try to exploit unknown vulnerabilities
- Use least privilege access: Only give employees access to the data and systems they need
- Enforce Multi-Factor Authentication (MFA): Sometimes crooks will use zero-days to steal login credentials. An MFA solution adds a valuable extra layer of security
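The “disable macros” advice above is the one item on this list you can apply in a few minutes. The script below is an added example (it is not from the SmallBiz CyberWiz post) that sets the Office macro policy for the current Windows user in Word, Excel and PowerPoint, then reads the values back so you can confirm they took effect. It assumes Office 2016/2019/365 (registry version “16.0”), that you run it as the user whose settings you want to change, and that no domain Group Policy already overrides these keys (if you have a domain, set the same policy centrally instead).

```powershell
# Added example, not part of the original post: harden Office macro settings
# for the current user and verify the result.
# Assumptions: Office 2016/2019/365 (registry version "16.0"), run as the
# affected user, no domain GPO overriding these values.

$OfficeVersion = '16.0'
$Apps = @('Word', 'Excel', 'PowerPoint')

# VBAWarnings values: 1 = enable all macros (dangerous),
# 2 = disable with notification, 3 = disable all except digitally signed,
# 4 = disable all without notification.
# 3 keeps signed in-house macros working; use 4 if you have none.
$MacroSetting = 3

function Set-OfficeMacroPolicy {
    param([string]$App, [int]$VbaWarnings)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Restrict macros to the chosen level ...
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value $VbaWarnings -Type DWord
    # ... and block macros outright in files that carry the Mark of the Web
    # (downloaded from the internet or received as e-mail attachments).
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

function Get-OfficeMacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App               = $App
        VBAWarnings       = $props.VBAWarnings
        BlockFromInternet = $props.blockcontentexecutionfrominternet
    }
}

foreach ($app in $Apps) {
    Set-OfficeMacroPolicy -App $app -VbaWarnings $MacroSetting
}

# Verify: every app should now show VBAWarnings = 3 and BlockFromInternet = 1.
$Apps | ForEach-Object { Get-OfficeMacroPolicy -App $_ } | Format-Table -AutoSize
```

Run it from a PowerShell prompt as the user in question; no administrator rights are needed because the keys live under HKCU. Open a document containing a macro afterwards to confirm that it is blocked as expected, and keep the verification step as a routine check, since an installer or a user can change these values back.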
I would also tell you to keep an eye on your network for suspicious traffic, but I’m assuming you’re super busy so I’ll omit that one (but I still highly recommend it!).
That’s it for now.
Until next time, stay safe!
Sead from SmallBiz CyberWiz