Learning From Recent Attacks to Establish a Robust Zero-Day Protection Regime

Every security team finds it difficult to prevent zero-day attacks effectively. They arrive without warning and bypass standard security controls with ease. To reduce their risk and improve zero-day protection, organizations and individuals must learn from recent attacks.

Many definitions of zero-day attacks are available on the internet. Some describe them as attacks targeting vulnerabilities that organizations or developers have not patched or made public. Others categorize them as attacks that exploit a vulnerability on the same day it is made public (day zero).

One widely accepted general definition is that zero-day attacks target unpatched and publicly known vulnerabilities.

How are Zero Day Attacks Discovered?

Zero-day attacks are a type of malware attack that exploits a software vulnerability the developer may or may not know about. Hackers bypass security through the software vulnerability and gain unauthorized access to the system, after which they can steal confidential user data. In most cases, zero-day attacks are discovered only after significant damage has already been done. How these attacks are found depends on the attacked software and the team working on it.

Recent Zero-day Attacks of 2019 and 2020

One can gain in-depth knowledge of how these attacks work by going through zero-day attack examples. Given below is a list of zero-day vulnerabilities from 2019 and 2020.

  • Microsoft warned its users in March 2020 about zero-day attacks in which hackers exploited two separate vulnerabilities. The vulnerabilities were shared among all supported Windows platforms, and no patch was immediately available.
  • Microsoft's legacy browser, Internet Explorer (IE), became a new platform for hackers carrying out zero-day attacks. The hackers leveraged a vulnerability in the browser when users visited a website the attackers had created to exploit the flaw.
  • Recently, on Halloween night, hackers were exploiting a zero-day vulnerability in the popular browser Google Chrome and installing malware on user systems by using a Korean website. However, Google managed to salvage the situation and patched the vulnerability quickly.
  • Chinese hackers created malware known as MessageTap, which exploited vulnerabilities in telecom networks. It could intercept SMS messages being sent through those networks.
  • WhatsApp's parent company, Facebook, alleged that an Israeli organization, the NSO Group, exploited a zero-day vulnerability in WhatsApp's VoIP calling. It claimed that about 1,400 users were targets of this attack. Users in the Kingdom of Bahrain, the UAE, and Mexico were the main targets.
  • A 14-year-old discovered a vulnerability in Apple's FaceTime feature. According to him, his friend could listen to his group conversation without picking up his phone. It was later named the "Facepalm" bug.
  • Google recently discovered a zero-day vulnerability in devices running on the Android platform. The vulnerability was present in the kernel code, and hackers could exploit it for accessing the root directory. According to Google, Xiaomi, Pixel, Samsung, and Huawei devices were vulnerable.
  • Alexa and Google Home have become our smart companions. But people don't know that hackers can eavesdrop on them through these intelligent devices. The attacks required users to key in their Amazon or Google password to resolve a fake error.

Zero-Day Attack Prevention

It is a tremendous reputational and financial threat when an organization realizes that it is the target of a zero-day attack. Notwithstanding the professional IT teams that many organizations deploy, hackers today are more technologically advanced than ever. A few zero-day attack prevention measures are listed below:

  1. Organizations must design, implement, and maintain a control policy for avoiding zero-day attacks. This is beneficial because these attacks are difficult to detect.
  2. The importance of keeping software and hardware updated cannot be overstated. Doing so helps reduce the risk, and updated vulnerability scans can surface exploitable vulnerabilities, so developers can patch discovered vulnerabilities quickly.
  3. Analyze employee behavior and modify the organization's IT policies accordingly.
  4. To keep systems and the network secure, IT teams must continuously monitor for unusual program behavior.

Conclusion

As is evident from recent zero-day attacks, an increasing number of end-point users are becoming targets of hackers. These attacks are difficult to predict, but it is not impossible to prevent and block them. Thus, efficient zero-day protection is possible through the collaboration of administrators, IT teams, and employees.
