Lately, zero-day vulnerabilities are being exploited against small as well as large businesses.
Zero-day attacks are cyberattacks that exploit zero-day vulnerabilities: software flaws that are not yet known to the vendor and therefore have no patch. In other words, they are newly discovered bugs that attackers exploit before a fix exists. Around 50% of the malware detected in 2019 was classified as a zero-day threat.
Such attacks can target mobile apps, client software, web applications and operating systems alike, and because the flaw, and any malware written to exploit it, is unknown, signature-based antivirus has nothing to match against. Note that the "zero-day malware" counted in statistics like the one above is malware whose signature is not yet in antivirus databases; that is related to, but not the same as, malware that exploits an unpatched vulnerability.
Because they exploit vulnerabilities that have only just been discovered, these attacks are launched as quickly as possible, while potential victims are still unprepared. They can be used to hijack accounts, compromise networks and steal data.
Most dangerous threats to enterprises
Zero-day threats, along with fileless attacks, are considered the most dangerous threats to enterprises according to Ponemon Institute's 2018 State of Endpoint Security Risk report. Given how common they are, these threats can be costly to their victims.
The Ponemon report estimates the average loss per successfully attacked organisation at around $7.12 million, or $440 per endpoint. Interestingly, SMEs suffer more per endpoint, with an average loss of $763.
Moreover, the report says the cost of successful endpoint-based attacks grew by roughly 42% compared with the 2017 figures. Such attacks are said to be four times more likely to succeed because more than three-quarters of them use polymorphic or previously unseen malware.
Recent zero-day attacks
Zero-day attacks are unlikely to become less common in the foreseeable future. Several reports of new zero-days surfaced just recently.
One exploit concerns Zoom and was reportedly offered for sale at $500,000. It is a security vulnerability affecting the latest Windows and macOS versions of the popular video conferencing software. Reportedly, the bug makes it possible to spy on Zoom sessions and users.
Separately, three zero-days were discovered in Windows. Microsoft has already patched them, so Windows users should install the updates as soon as possible.
A vulnerability in iOS was also reported recently, discovered by researchers at a private security firm while conducting an incident response investigation for a customer. The bug is reportedly triggered by a specially crafted email processed by the MobileMail app. It affects iOS 13.4.1.
Meanwhile, a security researcher revealed four zero-day issues in the IBM Data Risk Manager (IDRM). Ironically, this product is one of IBM's own enterprise security tools.
The disclosure covers four issues: a bypass of IDRM's authentication, a hardcoded username and password combination, a command injection point in one of IDRM's APIs, and another API flaw that lets remote attackers retrieve files from the system.
Moreover, a zero-day flaw was reportedly exploited by Moobot, a Mirai-based botnet, to compromise fiber routers. Sophos firewalls were also hit by a zero-day: attackers found a flaw that could be exploited remotely to steal data.
Zero-day attacks have been quite successful at exploiting newly found flaws in applications. Many people assume nothing can be done about them, especially when the exploit works silently in the background with no visible symptoms. There are, however, measures that mitigate the problem or stop an exploited vulnerability from escalating into something more serious.
RASP – runtime application self-protection is one of the better-suited defences against unknown and silent attacks. It is designed with zero-day vulnerabilities in mind: rather than sitting in front of the application, it runs inside the application it protects (typically as an agent or library loaded into the process) and detects and blocks anomalous activity from within.
RASP does not rely on virus or malware signatures. It instruments the points where the application performs sensitive operations (database queries, command execution, file access, deserialisation) and inspects each operation at the moment it happens, with full knowledge of the application's context. Because it sees the actual query or command about to run, it can tell whether user-supplied data has changed the structure of that operation rather than merely supplying a value; if it has, the operation is blocked.
Simply put, RASP establishes what normal behaviour looks like for each sensitive operation and rejects anything that deviates from it. The check is on the effect of the input at its point of use, not on whether the input resembles a known attack string, so threat signatures become unnecessary. The trade-offs are runtime overhead and the need to deploy and tune the agent for each application.
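To make the mechanism concrete, here is an added illustration in Python (not code from the original article or from any RASP product) of the core idea: a guard inside the application intercepts each SQL query at the moment it is executed, records the structural shape of the queries each call site normally issues while in learning mode, and blocks a query whose shape has changed. The `RaspGuard`, `sql_shape` and `lookup_user` names, the coarse tokenizer and the learning-mode flag are assumptions made for this example; the sample table and inputs are constructed.

```python
import inspect
import re
import sqlite3

# Coarse SQL tokenizer (constructed for this example; a real RASP agent uses the
# driver's own parser or a full SQL grammar). Order matters: longest forms first.
_TOKEN_RE = re.compile(
    r"\s+|'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|\d+(?:\.\d+)?|[A-Za-z_]\w*"
    r"|--[^\n]*|/\*.*?\*/|<>|<=|>=|!=|\|\||.",
    re.DOTALL,
)


def sql_shape(sql):
    """Structural shape of a statement: quoted strings and numbers collapse to
    <lit>, comments to <comment>, everything else (keywords, identifiers,
    operators, punctuation) is kept. Two queries that differ only in the values
    they carry have the same shape; an injection that adds clauses does not."""
    shape = []
    for tok in _TOKEN_RE.findall(sql):
        if tok.isspace():
            continue
        if tok[0] in "'\"" or tok[0].isdigit():
            shape.append("<lit>")
        elif tok.startswith(("--", "/*")):
            shape.append("<comment>")
        else:
            shape.append(tok.upper())
    return tuple(shape)


class BlockedOperation(Exception):
    """Raised when a query's structure deviates from the learned baseline."""


class RaspGuard:
    """Sits inside the application and checks every query as it is executed,
    keyed by the code location that issued it (assumed learning-mode design)."""

    def __init__(self):
        self.learning = True      # learning mode: record shapes seen with benign traffic
        self.baseline = {}        # call site -> set of allowed shapes

    def _call_site(self):
        caller = inspect.currentframe().f_back.f_back   # the function that called execute()
        return (caller.f_code.co_filename, caller.f_code.co_name)

    def execute(self, cursor, sql):
        site = self._call_site()
        shape = sql_shape(sql)
        allowed = self.baseline.setdefault(site, set())
        if self.learning:
            allowed.add(shape)
        elif shape not in allowed:
            raise BlockedOperation(f"query structure changed in {site[1]}: {' '.join(shape)}")
        return cursor.execute(sql)


GUARD = RaspGuard()


def lookup_user(conn, name):
    # Deliberately vulnerable application code: string concatenation, no parameter.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return GUARD.execute(conn.cursor(), sql).fetchall()


def demo():
    """Constructed scenario: learn on benign traffic, then see an injection blocked."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    lookup_user(conn, "alice")               # learning phase establishes the normal shape
    GUARD.learning = False
    normal = lookup_user(conn, "bob")        # same shape, different value: allowed
    try:
        lookup_user(conn, "x' OR '1'='1")    # adds an OR clause: shape changes
        verdict = "not blocked"
    except BlockedOperation:
        verdict = "blocked"
    return normal, verdict


if __name__ == "__main__":
    print(demo())
```

The guard never looked for the string `OR '1'='1`; it blocked the query because a call site that always issued `SELECT ID FROM USERS WHERE NAME = <lit>` suddenly issued something with an extra clause, which is exactly how a payload nobody has seen before gets caught. The same property cuts the other way: a legitimate name such as `O'Brien` would also change the shape and be blocked, because the application concatenates input into the query. With a parameterised query the shape is fixed regardless of input, so the guard produces neither false positives nor work to do.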
Buffer overflow detection – A buffer overflow occurs when software writes data past the end of a fixed-size buffer, overwriting adjacent memory. Software can be built with the ability to detect this (compiler-inserted stack canaries and bounds checks in production, memory sanitizers during testing) and to terminate the offending process the moment an overflow is detected, so a corrupted process does not go on to execute attacker-controlled code.
Vulnerability scanning – This does not detect or stop zero-day attacks as such. It is a precautionary measure that reduces the number of known, fixable vulnerabilities in an application, and with it the attack surface an attacker has to work with.
Input validation and sanitization – Related to vulnerability scanning, this restricts the kind of input an application will accept. Applications sometimes interpret input as instructions (a query fragment, a file path, a shell command) and do something unexpected or harmful as a result. Validating input against an explicit allowlist before it is used, and encoding or parameterising it at the point of use, removes whole classes of such bugs, including ones nobody has discovered yet.
It is like what happens when you type the phrase "do a barrel roll" into the Google search bar and click search: the page rolls. The input triggers behaviour the person entering it did not anticipate. Note: the Google "barrel roll" effect is only used as an illustration here. It is not a bug; Google's developers added it deliberately.
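The following Python block is an added example, not code from the original article, showing allowlist validation at the input boundary for several input kinds the text alludes to (a username, a hostname that ends up in a command, a port number and a file name). Every function, pattern and sample value here is constructed for the illustration; the names `validate_username`, `ping_argv`, `confined_path` and `screen` are assumptions, not any library's API.

```python
import re
import unicodedata
from pathlib import Path


class InvalidInput(ValueError):
    """Raised when a value falls outside what the application explicitly accepts."""


# Allowlists: each pattern states exactly what is acceptable; everything else,
# including input that merely looks harmless, is rejected before it is used.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?:{LABEL}\.)*{LABEL}")
FILENAME_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}", re.I)
PORT_RE = re.compile(r"[0-9]{1,5}")   # str.isdigit() and int() also accept non-ASCII digits


def validate_username(raw):
    """Canonicalise first (NFKC folds look-alike forms), then match the whole string."""
    value = unicodedata.normalize("NFKC", raw).strip().lower()
    if not USERNAME_RE.fullmatch(value):
        raise InvalidInput(f"username: {raw!r}")
    return value


def validate_port(raw):
    if not PORT_RE.fullmatch(raw) or not 1 <= int(raw) <= 65535:
        raise InvalidInput(f"port: {raw!r}")
    return int(raw)


def ping_argv(raw_host):
    """Argument vector for pinging a user-supplied host. The host is validated
    against an allowlist and passed as its own argv element, never through a
    shell, so 'example.com; cat /etc/passwd' is rejected rather than executed.
    (The caller would hand this list to subprocess.run; not done here.)"""
    host = raw_host.strip().lower()
    if not host or len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise InvalidInput(f"host: {raw_host!r}")
    return ["ping", "-c", "1", host]


def confined_path(base_dir, raw_name):
    """Map a user-supplied file name to a path under base_dir. The allowlist
    already forbids separators and a leading dot; the resolve() check is
    defence in depth in case the allowlist is loosened later."""
    if not FILENAME_RE.fullmatch(raw_name):
        raise InvalidInput(f"filename: {raw_name!r}")
    base = Path(base_dir).resolve()
    target = (base / raw_name).resolve()
    if target.parent != base:
        raise InvalidInput(f"filename escapes {base}: {raw_name!r}")
    return target


# Constructed sample inputs: for each kind, a benign value followed by a hostile one.
SAMPLES = {
    "username": ["Alice_01", "alice' OR 1=1--"],
    "host": ["example.com", "example.com; cat /etc/passwd"],
    "port": ["8443", "٨٤٤٣"],            # second value is 8443 in Arabic-Indic digits
    "filename": ["report.pdf", "../../etc/passwd"],
}
VALIDATORS = {
    "username": validate_username,
    "host": ping_argv,
    "port": validate_port,
    "filename": lambda name: confined_path("uploads", name),
}


def screen(samples=SAMPLES):
    """Run every sample through its validator; returns {(kind, value): verdict}."""
    verdicts = {}
    for kind, values in samples.items():
        for value in values:
            try:
                VALIDATORS[kind](value)
                verdicts[(kind, value)] = "accepted"
            except InvalidInput:
                verdicts[(kind, value)] = "rejected"
    return verdicts


if __name__ == "__main__":
    for key, verdict in screen().items():
        print(f"{key[0]:9} {verdict:9} {key[1]!r}")
```

The point of the allowlist approach is that none of these validators knows what an attack looks like: the SQL fragment, the chained shell command and the traversal sequence are all rejected for the same reason, they are not in the small set of things the field is allowed to contain. The port example shows why the allowlist must be written in terms of the bytes you actually expect: `"٨٤٤٣".isdigit()` is true and `int()` happily converts it, so a check built on those would accept a value the rest of the system may not expect to see.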
Web application firewall (WAF) – A WAF inspects HTTP traffic to and from a web application and blocks requests that look malicious. Most WAFs rely primarily on rule sets and signatures of known attack patterns (SQL injection, cross-site scripting, path traversal and the like), some supplemented with anomaly scoring, so they stop known exploitation techniques and the more obvious variants of them. Against a genuinely new attack a WAF buys time rather than certainty: a "virtual patch" rule can be deployed within hours of a disclosure, long before the vendor ships a fix, but a novel payload that matches no rule passes through.
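The contrast between rule-based inspection and the runtime check described under RASP is easiest to see with a small example. The block below is an added illustration in Python, not code from the original article or from any WAF product: a handful of constructed signature rules in the style of a scoring rule set, applied to constructed HTTP requests, including a double-encoded payload (decoded before matching) and a trivially varied injection that matches no rule. The rule set, weights, threshold and request samples are all assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed rule set in the style of a WAF signature list: (rule id, pattern, weight).
RULES = [
    ("sqli-union",     re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S), 5),
    ("sqli-tautology", re.compile(r"['\"]\s*or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I), 5),
    ("sqli-comment",   re.compile(r"--|/\*|#"), 2),
    ("xss-script",     re.compile(r"<\s*script\b", re.I), 5),
    ("xss-handler",    re.compile(r"\bon[a-z]+\s*=", re.I), 3),
    ("traversal",      re.compile(r"\.\.[/\\]"), 5),
    ("cmdi",           re.compile(r"[;&|`]\s*(?:cat|ls|id|wget|curl|sh|bash)\b", re.I), 5),
]
BLOCK_THRESHOLD = 5   # anomaly-scoring style: block once matched weights reach this


def normalise(value, rounds=2):
    """Undo URL encoding repeatedly (bounded) so double-encoded payloads are matched decoded."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, target, headers=None, body=""):
    """Score one HTTP request against RULES. Returns (decision, score, matched rule ids)."""
    headers = headers or {}
    parts = urlsplit(target)
    fields = [parts.path]
    fields += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if method.upper() == "POST" and body:
        fields += [v for _, v in parse_qsl(body, keep_blank_values=True)]
    fields += [headers.get(h, "") for h in ("User-Agent", "Cookie", "Referer")]
    score, matched = 0, []
    for field in fields:
        text = normalise(field)
        for rule_id, pattern, weight in RULES:
            if pattern.search(text):
                score += weight
                matched.append(rule_id)
    decision = "block" if score >= BLOCK_THRESHOLD else "allow"
    return decision, score, matched


# Constructed sample traffic: (method, request target, headers, body).
SAMPLE_REQUESTS = [
    ("GET", "/search?q=zero+day+attacks", {}, ""),                  # benign
    ("GET", "/items?id=1%27+OR+%271%27%3D%271", {}, ""),            # 1' OR '1'='1
    ("GET", "/items?id=1%2527%2520OR%25201%253D1", {}, ""),         # same, double-encoded
    ("GET", "/items?id=1%27+OR+%27a%27%3D%27a", {}, ""),            # 1' OR 'a'='a
]


def run_samples():
    """Decision for each sample request, in order."""
    return [inspect_request(m, t, h, b)[0] for m, t, h, b in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, decision in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{decision:5} {req[0]} {req[1]}")
```

The first three requests are handled as one would hope: the benign search scores nothing, the obvious tautology is blocked, and the double-encoded copy is blocked only because the request was decoded twice before matching. The fourth request is the same injection with letters instead of digits, which the tautology rule does not cover, so it is allowed. That is the zero-day problem in miniature: a signature catches what its author anticipated, whereas the RASP-style structural check above, or a parameterised query, is indifferent to how the payload is spelled.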
Zero-day attacks have been notably effective mainly because they are new and unknown, while most malware protection focuses on identifying and blocking threats by signature. These costly threats are nevertheless largely preventable.
There are proven solutions for detecting and preventing zero-day threats, though they are mostly geared towards enterprises. For ordinary computer users, the most practical defence is to install software updates promptly.