Zero days
Zero-days: What are they? Can they be stopped?

Imagine malware so sophisticated that it can halt a power plant, interfere with air traffic control, or destroy physical infrastructure. Chances are good that it got in through a zero-day. A zero-day exploit is a frightening weapon, and it can cripple a business if the intrusion is discovered too late.

What is a zero-day?

A zero-day gets its name from how long the vendor has had to fix it: zero days. Ordinary vulnerabilities are reported, identified, and patched, but a zero-day is a vulnerability in software that is unknown to the vendor and for which no patch exists. When criminals or governments discover one, they can keep it secret for days, months, or years and then use it, when needed, to cause damage. Nation states have been accused of using such bugs in cyberwarfare, but zero-days are not used only against governments.

Many of the most damaging self-replicating worms on the internet exploited zero-day vulnerabilities and spread quickly through vulnerable hosts. Think of a zero-day as a newly discovered disease that has no cure, and imagine it infecting every host it can reach before being quarantined. Even if developers patch the vulnerability and stop the attack, the damage may already be severe. In a short amount of time, an attacker can harvest credentials or exfiltrate data while the company is still scrambling to contain the outbreak.

How can this be stopped?

The very nature of a zero-day is that it comes as a surprise. Since no patch exists when the exploit is first used, the best defense is early detection and limiting what a successful exploit can do. Keeping software updated and applying security patches as quickly as possible still matters: once the vendor releases a fix the vulnerability is no longer a zero-day, and attackers routinely chain a zero-day with older, already-patched bugs. A defense in depth approach, using layered security, lets network and host defenses protect information systems even when one layer fails. An intrusion prevention system (IPS) cannot match a signature that does not yet exist, but it can block an attack based on abnormal behaviour, such as a document viewer spawning a shell or a server making an unexpected outbound connection. Identifying risks in your software and hardware supply chain also helps, since a zero-day in a dependency is a zero-day in your product. Lastly, a security operations center (SOC) monitoring team can detect suspicious activity fast and stop it if needed. Combined, these methods leave you better prepared for when, not if, the next zero-day attack happens.
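The behaviour-based detection that the paragraph above relies on can be made concrete. The following is an added example, not code from the original post or from any IPS or SOC product: it learns a baseline of which child processes and outbound ports each parent process normally produces, then flags later events that fall outside that baseline. Because no signature for an unknown exploit can exist, the detector never looks at the exploit itself, only at the post-exploitation behaviour that almost any zero-day has to produce. All telemetry rows, host names, process names and the (host, parent, event_type, detail) field layout are constructed for this example and do not correspond to any real EDR or log format.

```python
from collections import defaultdict

# Constructed endpoint telemetry in an assumed (host, parent, event_type, detail)
# layout. "child" rows record a spawned process, "net" rows an outbound port.
# This is the "known good" period used to learn normal behaviour.
BASELINE_EVENTS = [
    ("ws01", "winword.exe", "child", "splwow64.exe"),
    ("ws01", "winword.exe", "net", "443"),
    ("ws01", "chrome.exe", "child", "chrome.exe"),
    ("ws01", "chrome.exe", "net", "443"),
    ("ws01", "chrome.exe", "net", "80"),
    ("srv01", "httpd", "child", "httpd"),
    ("srv01", "httpd", "net", "443"),
    ("srv01", "sshd", "child", "bash"),
]

# Constructed events to score. They mix normal activity with the kind of
# behaviour a zero-day exploit produces no matter which bug it used: a
# document viewer spawning shells, an unusual outbound port, a web server
# process spawning a shell.
NEW_EVENTS = [
    ("ws01", "chrome.exe", "net", "443"),
    ("ws01", "winword.exe", "child", "cmd.exe"),
    ("ws01", "winword.exe", "child", "powershell.exe"),
    ("ws01", "winword.exe", "net", "4444"),
    ("ws01", "chrome.exe", "child", "notepad.exe"),
    ("srv01", "httpd", "child", "sh"),
    ("srv01", "sshd", "child", "bash"),
]

# Shells and interpreters: a parent that has never spawned one before is a
# stronger signal than any other unseen child. Ports outside this small set
# are treated the same way for network events. Both lists are illustrative.
INTERPRETERS = {"cmd.exe", "powershell.exe", "sh", "bash", "python", "python3"}
COMMON_PORTS = {"22", "53", "80", "443"}


def build_baseline(events):
    """Map (host, parent, event_type) to the set of details seen for it."""
    baseline = defaultdict(set)
    for host, parent, etype, detail in events:
        baseline[(host, parent, etype)].add(detail)
    return baseline


def score_events(baseline, events):
    """Return one alert per event whose detail was never seen in the baseline.

    Severity is "high" when the new behaviour is a shell/interpreter child or
    an uncommon outbound port, "medium" for any other unseen detail.
    """
    alerts = []
    for host, parent, etype, detail in events:
        seen = baseline.get((host, parent, etype), set())
        if detail in seen:
            continue
        if etype == "child" and detail in INTERPRETERS:
            severity = "high"
        elif etype == "net" and detail not in COMMON_PORTS:
            severity = "high"
        else:
            severity = "medium"
        alerts.append({"host": host, "parent": parent, "type": etype,
                       "detail": detail, "severity": severity})
    return alerts


def summarize(alerts):
    """Count alerts per (host, parent) so a SOC can triage by victim process."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[(alert["host"], alert["parent"])] += 1
    return dict(counts)


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for alert in score_events(baseline, NEW_EVENTS):
        print(alert)
    print(summarize(score_events(baseline, NEW_EVENTS)))
```

Two caveats a practitioner should keep in mind. The baseline is only as good as the period it was learned from: if the host was already compromised while the baseline was collected, the attacker's behaviour becomes "normal" and is never flagged. And any genuinely new but benign activity (a software update that adds a helper process) produces a medium alert, so in practice the medium tier needs tuning or an allow-list, while the high tier (an office application or web server spawning a shell) is rare enough in most environments to page on directly.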
