Cybercrime is on the rise: in the 2020-21 financial year alone, the Australian Cyber Security Centre (ACSC) received over 67,500 cybercrime reports, an increase of nearly 13 per cent on the previous financial year, equating to a report every 8 minutes. Because of this rapid increase in cyberattacks, Australian businesses are starting to take notice and are being pushed to improve their own cybersecurity, whether to meet compliance requirements or their customers' and clients' expectations.
Understanding prevalent cyber threats is a major step toward identifying and preventing a cyberattack or data breach. Apart from common threats such as ransomware, phishing, distributed denial of service and social engineering attacks, cybercriminals are exploiting zero-day vulnerabilities to gain unauthorised access to business-critical infrastructure. So what are zero-day vulnerabilities?
This article will provide you with all the information you need to understand what they are and how best to protect your business against them.
What is a Zero Day Vulnerability?
A zero-day vulnerability is a vulnerability that has not yet been discovered by the software developer or vendor. The term 'zero day' refers to the number of days the developer has had to fix the flaw: zero. Cybercriminals therefore have a window in which to exploit the vulnerability and gain unauthorised access to a business's systems and networks before the developer or vendor has a chance to address it and release a patch.
What is the difference between a zero-day vulnerability, exploit and attack?
These terms tend to be used interchangeably, which is incorrect, so it is important to note the difference between them:
- Zero-day vulnerability: a software vulnerability discovered by attackers before the vendor has become aware of it, giving them a head start to exploit it before it is patched or otherwise addressed by the vendor.
- Zero-day exploit: the method a cybercriminal uses to take advantage of the vulnerability to attack a system or network.
- Zero-day attack: a cybercriminal using a zero-day exploit against a vulnerable system or network to cause damage to a business or steal its valuable data.
How does a Zero-day attack work?
There is a constant race between malicious actors and software developers: malicious actors hunt for exploitable vulnerabilities in software, while developers and vendors do the same so that any weakness is patched via a software or security update before a cybercriminal can exploit it in a cyberattack.
However, there are times when a cybercriminal identifies a vulnerability in software before its own developer or vendor does. A zero-day attack happens when a software vulnerability that has not been discovered by its developers is exploited by a cybercriminal. Once such an attack has happened, it can take days, weeks or even months to identify the vulnerability that led to it. Even once the vulnerability is discovered and a zero-day patch is released by the software developer, it can take users a significant amount of time to install it, giving cybercriminals ample time to take advantage of the vulnerability.
Once the developer discovers the vulnerability and releases a patch, it is no longer referred to as a zero-day threat. But in the time it takes developers to discover these zero-day exploits, cybercriminals can sell them on the dark web for large sums of money.
Examples of infamous zero-day attacks:
- Zoom (2020): Hackers used Zoom to access a user's computer remotely if they were running an older version of Windows. This zero-day vulnerability allowed hackers to completely take over a user's machine and access all their files.
- Apple iOS (2020): Similar to the Zoom zero-day vulnerability, hackers took advantage of a bug that allowed them to compromise iPhones remotely.
What is the challenge with preventing zero-day attacks?
Cybercriminals are getting more sophisticated, and studies show that zero-day attacks have increased rapidly, with the average time to exploitation down from 42 days in 2020 to just 12 days in 2021. Although larger organisations are at the greatest risk when it comes to zero-day attacks, smaller businesses are increasingly being targeted by cybercriminals.
This is because many small to medium businesses lack the cybersecurity capability to combat cyber threats, making them easy targets. For example, large organisations have entire teams monitoring their network traffic and are heavily regulated when it comes to their cybersecurity. The opposite is true for small to medium businesses: a large number of them are unaware of the importance of cybersecurity, and are unable to afford or unwilling to invest in an in-house cybersecurity function or team.
According to IBM's Cost of a Data Breach report in 2021, the average times to identify and contain a data breach were:
- It took an average of 287 days to identify a data breach.
- The average time to contain a breach was 80 days.
- Healthcare and financial industries had the longest data breach lifecycle — 329 days and 233 days, respectively.
- The data breach lifecycle of a malicious or criminal attack in 2020 took an average of 315 days.
What can small businesses do to protect against zero-day attacks?
It is hard to fix a vulnerability that has not yet been discovered by a security team or a software developer; this, in essence, is the biggest challenge in dealing with zero-day attacks. Although it is impossible to completely eliminate the threat of a zero-day exploit, there are steps every small business should take to increase its overall cybersecurity and protect against zero-day threats.
1. Install a firewall
A firewall acts as a barrier between your trusted internal network and everything outside it. Not only does it block unwanted intrusions, it also helps protect your organisation against a slew of other threats such as viruses, malware and ransomware.
2. Use a virtual LAN
A virtual local area network (VLAN) allows you to segregate certain areas of your network so that you are better able to protect sensitive traffic as it flows between servers. By isolating that traffic, you avoid putting the rest of your network at unnecessary risk, which gives you an upper hand over cybercriminals.
3. Use a SIEM solution
A security alerting system such as a security information and event management (SIEM) platform is ideal because it keeps your organisation one step ahead of threats. For instance, if a potential threat is detected, a SIEM will log the activity, raise an alert and trigger security controls to stop the activity from progressing. This greatly increases the chances of saving your organisation from a zero-day attack.
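To make the "log, alert, respond" sequence concrete, here is an added example of the kind of correlation rule a SIEM runs over authentication events. It is not StickmanCyber's tooling or any vendor's product; the log format, host names, IP addresses, thresholds and maintenance window are all constructed for the illustration. It parses a handful of sshd-style lines, skips anything it cannot parse (a real feed always contains noise), and raises two alert types: a burst of failed logins from one source followed by a success, and a privileged account logging in outside business hours.

```python
"""Minimal SIEM-style correlation over constructed authentication log lines.

Added example (not StickmanCyber's own tooling). Two rules are applied:
  1. brute_force_then_success: at least FAILED_THRESHOLD failed logins from one
     source IP within WINDOW, followed by a successful login from that IP;
  2. privileged_login_off_hours: a privileged account logs in outside the
     hours in MAINT_WINDOW.
Log lines, hosts, IPs, users and thresholds are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed in a simplified sshd-like format (hypothetical hosts/IPs).
# The cron line is deliberately not an auth event and must be skipped by the parser.
SAMPLE_LOG = """\
2021-11-03T02:14:01 srv-app01 sshd: Failed password for admin from 203.0.113.7
2021-11-03T02:14:05 srv-app01 sshd: Failed password for admin from 203.0.113.7
2021-11-03T02:14:09 srv-app01 sshd: Failed password for root from 203.0.113.7
2021-11-03T02:15:30 srv-app01 sshd: Accepted password for admin from 203.0.113.7
2021-11-03T03:00:00 srv-app01 cron: session opened for user backup
2021-11-03T09:00:12 srv-db01 sshd: Accepted publickey for backup from 10.0.5.20
2021-11-03T22:30:44 srv-db01 sshd: Accepted publickey for root from 10.0.5.21
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) \S+ "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

FAILED_THRESHOLD = 3          # failures from one IP before a success is suspicious
WINDOW = timedelta(minutes=5)  # how far back failures count towards the threshold
PRIVILEGED_USERS = {"root", "admin"}
MAINT_WINDOW = (8, 18)         # privileged logins are expected 08:00-17:59 only


def parse(log_text):
    """Turn raw lines into event dicts; returns (events, number_of_skipped_lines)."""
    events, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # unparseable line: count it rather than crash the pipeline
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events, skipped


def correlate(events):
    """Apply both rules in timestamp order and return the alerts raised."""
    alerts = []
    failures = defaultdict(list)  # source IP -> timestamps of failed logins (any user)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            failures[ev["src"]].append(ev["ts"])
            continue
        # Rule 1: this success was preceded by a burst of failures from the same IP.
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= WINDOW]
        if len(recent) >= FAILED_THRESHOLD:
            alerts.append({"rule": "brute_force_then_success", "host": ev["host"],
                           "user": ev["user"], "src": ev["src"],
                           "failed_attempts": len(recent), "ts": ev["ts"].isoformat()})
        # Rule 2: privileged account used outside the maintenance window.
        in_hours = MAINT_WINDOW[0] <= ev["ts"].hour < MAINT_WINDOW[1]
        if ev["user"] in PRIVILEGED_USERS and not in_hours:
            alerts.append({"rule": "privileged_login_off_hours", "host": ev["host"],
                           "user": ev["user"], "src": ev["src"],
                           "ts": ev["ts"].isoformat()})
    return alerts


def run(log_text):
    """Convenience wrapper: parse then correlate, returning the alert list."""
    events, _skipped = parse(log_text)
    return correlate(events)


if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(alert)
```

Note that the 02:15 admin login raises both alerts, which is what you want: each rule is evaluated independently so that one signal being tuned down does not silence the other. A real SIEM would add the response step (for example, a firewall block of the source) on top of the alert objects returned here.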
4. Limit network privileges
Often the biggest danger is not a malicious outside threat but the individuals within your company who seem most trustworthy. One way to minimise the threat of an "inside job" is simply to limit network privileges. In other words, give individuals access only to the tools and data they need to perform their duties and nothing else; this goes a long way towards reducing your overall attack surface.
5. Limit application usage
The more applications your organisation uses, the larger your attack surface becomes. It is therefore a good idea to have policies in place that dictate which applications employees can use and download. Keeping that number to what you really need, and controlling what can be downloaded, ensures that you are not putting your organisation at unnecessary risk.
6. Ensure you are up to date with all security patches and software updates
This should go without saying, but it is imperative that your organisation remains up to date with patches. Remember that time is always of the essence: the moment a patch becomes available for a security hole, it should be applied. Although this will not guarantee that a zero-day exploit cannot occur, it makes it much more difficult for perpetrators to carry out an attack.
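"Apply the patch the moment it is available" only works if you can see which installs are still behind. The following added example (not StickmanCyber's tooling, and not tied to any real vendor advisory) shows the check a small business can automate: compare a software inventory against a list of fixed versions and report what is outstanding and for how long. Product names, version numbers, hosts and advisory dates are constructed for the illustration. The version comparison is numeric per component, because a naive string comparison ranks "2.4.7" above "2.4.51" and would silently mark an unpatched host as compliant.

```python
"""Patch-compliance check: compare an installed-software inventory against
vendor advisories and report every install still below the fixed version.

Added example, not StickmanCyber's own tooling. Product names, versions,
hosts and advisory release dates are constructed for illustration.
"""
from datetime import date

# Constructed inventory: what each host reports as installed.
INVENTORY = {
    "srv-app01": {"webserverd": "2.4.7", "libparse": "1.10.2", "officeclient": "16.0.3"},
    "wks-finance03": {"officeclient": "16.0.1", "pdfviewer": "9.8"},
}

# Constructed advisories: first version containing the fix, and the day it shipped.
ADVISORIES = [
    {"product": "webserverd", "fixed_in": "2.4.51", "released": date(2021, 10, 5)},
    {"product": "libparse", "fixed_in": "1.10.2", "released": date(2021, 9, 20)},
    {"product": "officeclient", "fixed_in": "16.0.3", "released": date(2021, 10, 28)},
    {"product": "dbengine", "fixed_in": "13.4", "released": date(2021, 8, 1)},  # not installed anywhere
]


def parse_version(text):
    """Turn '2.4.51' into (2, 4, 51) so each component compares as a number.
    A plain string compare would wrongly rank '2.4.7' above '2.4.51'."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())  # tolerate suffixes like '51a'
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_patched(installed, fixed_in):
    """True when the installed version is at or above the version carrying the fix."""
    return parse_version(installed) >= parse_version(fixed_in)


def outstanding_patches(inventory, advisories, as_of):
    """Return (host, product, installed, fixed_in, days_available) for every
    unpatched install, longest-outstanding first. `as_of` may be a date or
    an ISO date string such as '2021-11-03'."""
    if isinstance(as_of, str):
        as_of = date.fromisoformat(as_of)
    findings = []
    for host, packages in inventory.items():
        for adv in advisories:
            installed = packages.get(adv["product"])
            if installed is None or is_patched(installed, adv["fixed_in"]):
                continue  # product absent on this host, or already at the fixed version
            days = (as_of - adv["released"]).days
            findings.append((host, adv["product"], installed, adv["fixed_in"], days))
    findings.sort(key=lambda f: -f[4])  # oldest available fix is the most urgent
    return findings


if __name__ == "__main__":
    for host, product, installed, fixed_in, days in outstanding_patches(
            INVENTORY, ADVISORIES, "2021-11-03"):
        print(f"{host}: {product} {installed} -> {fixed_in} (fix available {days} days)")
```

Run on the constructed data as of 3 November 2021, the report lists the web server on srv-app01 (fix available for 29 days) ahead of the office client on the finance workstation (6 days); hosts already at or above the fixed version, and advisories for software not installed, produce no finding.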
How can StickmanCyber help?
We know that cybersecurity can be an overwhelming prospect for business owners, especially those running small to medium businesses on a limited budget. There are many things to consider when building a cybersecurity strategy, such as which framework to follow and what to prioritise during implementation. At StickmanCyber we are here to help you with your cybersecurity journey.
With cyberattacks growing, most businesses lack the skills and time to mitigate their risks. We provide a comprehensive, fully managed service that protects and certifies your business, mitigating your risks, building trust, and helping you win and retain clients. Speak to an expert today to learn more about how you can protect your business.
The First Step is Crucial. Start with a Cybersecurity Assessment
Where are you on your cybersecurity maturity journey? Get an assessment of your current security posture and identify the gaps and challenges you need to act upon.