From WannaCry to NotPetya and other malware, the IT world, and the world itself, has entered a period of vulnerability. However, while the majority of viruses, Trojans and other nasty pieces of code can be stopped with an up-to-date operating system and anti-malware, a special type of vulnerability leaves systems open to attack: zero-day attacks.
What is a zero-day attack?
A zero-day is an undisclosed software vulnerability that hackers can use to launch an attack on a computer, a network, data, apps or other computers. Basically, think of a zero-day as an unlocked back door that a thief can use to enter your premises. It's called zero-day because it leaves no time for the developers to correct the software before a villain can exploit the breach and launch an attack.
Because patching a system, that is, modifying the source code to close the back door, can take some time, this leaves a window of opportunity for any hacker to launch an attack. Of course you may ask why software vendors do not close doors as soon as they know they are open. Well, there are multiple reasons for this. First, it can take time to correct the software, since the fix can affect multiple functionalities that require thorough testing. Then, once the patch is released, users may not apply it immediately, leaving a lot of systems unpatched and exploitable. Some vendors release patches on fixed dates, leaving the door open until the patch is applied. Finally, sometimes a zero-day remains unknown to the vendor, as it can be seen as a real weapon by some governments.
Exploiting the zero-day vulnerability
Once a zero-day is known, it can be exploited. This can take many forms, depending on the type of breach and on the type of software that has the zero-day. However, it generally translates into leaving a piece of code on the infected machine or modifying the existing code so that the hacker has access to the infected machine. In all cases, the hacker's goal is to "take ownership" of the machine and its resources.
We are seeing more and more of two main types of exploits: ransomware and spyware. Ransomware encrypts your data and asks for a ransom to give you access back. Spyware collects your data as you use your computer and can capture your identities and passwords to access your bank accounts and any other private information. In all cases, this malware aims at getting something from you, from information to identity, from money to compute power.
How to get protected?
Of course, the first thing you may ask yourself is how to get protected from something you do not know about. Well, there are many ways, since we are dealing with computer security. Although hackers are very clever and attacks are more sophisticated, a simple set of good practices will protect you from most problems.
- Update your software on a regular basis. This sounds obvious and can sometimes lead to catastrophic failures, as in the case of Petya, which corrupted the software update mechanism of a given piece of software, but it is the first step to generally increase protection. This is particularly important for operating systems (Windows, Mac OS, Chrome OS, Linux mostly on computers; Android, iOS for phones), browsers and apps that rely on internet connections.
- Use anti-malware that protects you against zero-day exploits and detects breaches. Modern antivirus and anti-malware can detect most zero-days by strengthening the security of the PC, for instance by requiring that your normal identity does not have admin rights, by monitoring any unsolicited modification to executable files and by preventing rogue links and attachments from being used. And always check links and attachments before clicking on them. A PDF file with a .exe extension is not a PDF!
- React rapidly to any exploit. If your system has been compromised, follow the recommendations from your software provider. Sometimes it's just patching your system, sometimes it requires a complete reinstallation.
- Backup, backup, backup. The simple and effective procedure against data loss is to back up your data. A word of caution, though, with services like OneDrive, Dropbox or Google Drive. While those services are great for synchronizing your local files with their cloud copies, a compromised system can sometimes replicate the rogue files to the cloud, infecting the copies. So a real backup, whether local or remote, taken on a regular basis provides the best protection against potential data loss.
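One way to automate the attachment check mentioned above (a file whose content is a Windows executable, whatever its name claims, or an executable hidden behind a double extension such as invoice.pdf.exe), as an added example that is not part of the original post. The magic-byte table, the extension set and the sample attachments are constructed for illustration and are deliberately short:

```python
from typing import Dict, List, Optional

# Leading bytes ("magic numbers") of the file types this check recognizes.
# Constructed, deliberately short list; real scanners know far more types.
MAGIC = {
    b"%PDF-": "pdf",
    b"MZ": "exe",          # Windows PE executables (.exe, .dll, .scr) start with "MZ"
    b"PK\x03\x04": "zip",  # ZIP containers, which also cover .docx/.xlsx
}
# Extensions that carry runnable code on a Windows host (constructed subset).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1"}


def sniff_type(data: bytes) -> Optional[str]:
    """Return the type implied by the first bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def assess_attachment(name: str, data: bytes) -> List[str]:
    """Return warnings for one attachment, given its file name and leading bytes."""
    warnings = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff_type(data)
    # 1. A document-looking name whose content is really a Windows executable.
    if actual == "exe" and ext not in EXECUTABLE_EXTS:
        warnings.append(f"{name}: content is a Windows executable, not a .{ext}")
    # 2. A double extension such as invoice.pdf.exe; only the last part counts.
    if len(parts) > 2 and ext in EXECUTABLE_EXTS:
        warnings.append(f"{name}: executable hiding behind a .{parts[-2]} name")
    # 3. Declared and sniffed type disagree (e.g. a .zip that is really a PDF).
    if actual and actual != "exe" and ext in MAGIC.values() and actual != ext:
        warnings.append(f"{name}: extension .{ext} but content looks like {actual}")
    return warnings


# Constructed sample attachments: only the first bytes matter for this check.
SAMPLES: Dict[str, bytes] = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",    # genuine PDF header
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",  # PE stub with a double extension
    "scan.pdf": b"MZ\x90\x00\x03\x00",                 # executable renamed to .pdf
}


def scan_samples(samples: Dict[str, bytes] = SAMPLES) -> Dict[str, List[str]]:
    """Run the check over every sample and return the warnings per file name."""
    return {name: assess_attachment(name, data) for name, data in samples.items()}
```

On a real mailbox or download folder the same function would be fed each file's name and its first few bytes; anything that returns a non-empty list deserves a look before it is opened.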
Zero-day exploits will become more and more frequent, and getting protected is crucial. It's not rocket science, as you can see above, but it requires a good process and discipline. Start today; do not wait for the next attack to happen. If you are in a company, talk to your IT department to understand what processes and procedures are in place to prevent zero-day attacks. And finally, avoid as much as possible outdated software that is no longer supported by its vendor; it is the best target for exploits!