Header Ads

Zero-Day Attacks: What They Are, and What You Can Do About Them

You’re surfing the Internet, clicking on sites you’ve never visited before, but they aren’t raising any red flags. You’re confident that your virus protection is up-to-date, that you have a strong firewall and that you have enough knowledge to successfully avoid malware and other problems.

And yet you soon find your computer is infected with adware, or maybe a program suddenly doesn’t work as it should. As you work to find and remove the source of the problem from your machine, you are baffled. How could you have acquired such an infection when you’ve taken all of the recommended security precautions? How is it possible that something got through?

Congratulations: There’s a good chance you’ve become the victim of a zero-day attack.

Zero-Day Attacks: The Basics

Every computer program vulnerability starts somewhere. In most cases, the vulnerability begins when the software is written; even well-written programs can have holes or vulnerabilities that are ripe for exploitation. In other cases, the vulnerability is created when hackers and cyber criminals write their malware, and they find a way to poke holes in the security of a particular program.

No matter how the vulnerability is created, when attackers create malware that exploits it before the developers have either noticed the problem or released a patch for it, it’s known as a zero-day attack. Zero-day refers to the fact that it’s been zero days since anyone was aware of the problem. In some cases, the attacks are known as zero-hour. Attackers take advantage of the fact that the software developers have not yet addressed the problem by quickly releasing malware that attempts to exploit the vulnerability and infect as many machines and networks as possible before a patch is released.

While some zero-day attacks are relatively innocuous, spreading adware or spam generators, many attacks are far more serious. For example, in 2009, hackers exploited a vulnerability in a popular Web browser that allowed them to gain access to the networks of major corporations, including Google, and steal vast amounts of data.

Spreading the Attacks

Zero-day attacks are spread three different ways: email, websites and software. An email attack generally takes place through an attachment or link in an email message. However, email attacks tend to be the least effective, as most people know how to identify potentially harmful messages and are generally reluctant to click a link or open a file from an unknown source.

Website attacks are by far the most common means of spreading zero-day exploits. Attackers load the malicious code onto otherwise innocuous websites, and when an unprotected user clicks on the site, the cod loads onto their machine. In some cases, hackers are able to attack large, frequently visited sites. For example, in one case, attackers were able to access the website of a major European newspaper and inject malicious code — which then infected the vulnerable machines of anyone who visited the site.

Finally, software vulnerabilities also contribute to the spread of these exploits. This is common when a new version of a popular software program is released. The developers may not be aware of a security hole, or they might be working on a fix to a known issue, and attackers take advantage of it. For that reason, some experts recommend waiting a few weeks before upgrading to new versions of software after they are released, as most of the holes will have patches and your risk is reduced.

Protecting Yourself

Given that zero-day attacks often take place before anyone knows what is happening, ensuring network security can be challenging. The fact is, in many cases you can avoid falling victim to a zero-day attack.

First, robust security solutions are vital; up-to-date virus protection, anti-spyware and adware controls and a strong firewall are imperative for blocking intrusions into your machine and networks. The best security solutions also use a heuristic approach to identifying and containing threats. Traditional virus protection has relied on signatures to identify and block harmful software: When a program with a signature matching that of a known threat attacks a machine, it’s blocked. The heuristic approach blocks known threats, but also identifies unusual behavior or new programs and blocks them before they create problems.

Installing patches and updates in a timely manner also offers protection. Some security experts point out that these attacks often succeed because users fail to properly update their machines. Maintaining awareness of existing and potential threats and taking all necessary precautions is vital to keeping your network and machines secure against a potentially disastrous zero-day exploit.

No comments: