How to detect and prevent zero-day attacks

The dependence of businesses on technology is a double-edged sword. Nobody can deny that almost all markets are witnessing a transformation where technology is becoming the biggest driver of differentiation and progress for businesses. On the other side, nobody can ignore the potential disarray a business can fall into because of a breakdown in the technological setup powering the business. Among the several cybersecurity concerns that modern businesses have to deal with, zero-day attacks are calling for more and more attention.

What are zero-day attacks?


An attack that exploits a vulnerability in a program or application that is not yet publicly known or patched is called a zero-day attack. It’s called so because the developers and the responsible cybersecurity team have zero time to defend their systems and must work in firefighting mode to quickly reclaim control. If you have seen the amazing movie “Blackhat” or any season of “24,” you will have a picture of what this looks like.

Dealing with zero-day attack threats

Prevention is better than cure, and sometimes harder to achieve. Zero-day attacks are particularly difficult to prepare for because, in most cases, security experts don’t even know what they’re securing their systems against. As impossible a task as it might sound, zero-day attack prevention has assumed greater significance because such attacks have been rising in number.


Zero-day attacks are becoming more and more refined. Organizations are finding it increasingly difficult to detect such attacks, let alone prevent them. Frequent operating system and network-settings upgrades and changes also expose systems to zero-day attacks. As we said, it’s a dismal situation, but that’s why cybersecurity experts are paid their high salaries: to safeguard enterprise systems from these attacks.

Lessons from WannaCry

The May 2017 outbreak of WannaCry ransomware received massive press coverage (hardly a surprise, considering that it accounted for $4 billion in global damage). However, much of the press focused on fear-mongering instead of helping businesses understand how the ransomware exploited zero-day vulnerabilities to wreak the havoc it did. Here are some points to help:

  • The NSA discovered the system vulnerability well ahead of the global catastrophe but did not disclose it.
  • By March 2017, Microsoft had detected the vulnerability associated with EternalBlue, which was seen as a potential cause of Windows system breaches.
  • To plug the gap, Microsoft released emergency security patches.
  • However, many users did not upgrade their operating systems and fell prey to the full-blown ransomware attack.

In this manner, the zero-day vulnerability in many systems allowed the ransomware to deeply compromise computers and networks across the globe. The scale and impact of such attacks can hardly be overstated: they can potentially bring economies to a standstill!

The biggest lesson that WannaCry taught businesses and their IT departments was to focus on patching software and upgrading to the latest security releases.

Machine learning as a long-term solution


There’s an inherent problem with all threat detection models based on statistics and signatures. Though these methods work reasonably well for known security threats, they are found wanting when it comes to zero-day attacks. Because these traditional methods depend on databases of known threats, they prove very limited in capability when it comes to combating changes in attack methodology.

This is where behavior-based detection systems come into the picture. Instead of purely focusing on a database of threats, these systems evaluate programs and try to anticipate whether their actions are actually intended, or linked to a deliberate change in function. With time, these systems are exposed to the entire operations profile of programs and are able to raise alerts when they detect suspicious data access attempts.

As of now, enterprises are working toward implementing hybrid models that leverage the benefits of database-based and machine learning-based algorithmic models. Once such a system stabilizes, it becomes a matter of blocking weak endpoints in user systems and software, monitoring for unusual program behavior, and adding to the database of known and verified program operations.
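The hybrid model described above, as an added example written for this edit and not code from the original post or from any product: a signature lookup runs first, then a per-program behaviour profile learned during a quiet window flags operations a program has never performed before, and an analyst can feed verified operations back into the known-good profile. The log format, the resource classes, the write-burst threshold, the program names and every hash below are constructed assumptions.

```python
"""Hybrid zero-day detection: signature database plus per-program behaviour baseline."""
import hashlib
import re
from collections import Counter, defaultdict

# Log format assumed for this example (constructed, not any real product's format):
#   <timestamp> <program> <image_sha256> <action> <resource>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<program>\S+)\s+(?P<sha256>[0-9a-f]{64})\s+"
    r"(?P<action>READ|WRITE|CONNECT)\s+(?P<resource>.+)$"
)


def parse_event(line):
    """Return an event dict for one log line, or None if the line is malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def resource_class(resource):
    """Coarsen a resource so the learned profile generalises beyond exact names."""
    if resource.startswith("tcp://"):
        return "network"
    if "\\Documents\\" in resource:
        return "user_documents"
    if "\\Windows\\System32\\" in resource:
        return "system_binaries"
    return "other"


class HybridDetector:
    """Signature lookup first; behaviour baseline for anything the database misses."""

    def __init__(self, known_bad_hashes, write_burst_threshold=5):
        self.known_bad = set(known_bad_hashes)
        self.baseline = defaultdict(set)  # program -> {(action, resource class)}
        self.write_burst_threshold = write_burst_threshold

    def learn(self, lines):
        """Learning window: record the (action, resource class) pairs each program uses."""
        for ev in filter(None, map(parse_event, lines)):
            self.baseline[ev["program"]].add((ev["action"], resource_class(ev["resource"])))

    def approve(self, program, action, rclass):
        """Analyst feedback: add a verified operation to the known-good profile."""
        self.baseline[program].add((action, rclass))

    def detect(self, lines):
        """Detection window: return one alert dict per finding, in log order."""
        alerts, doc_writes, seen_novel = [], Counter(), set()
        for ev in filter(None, map(parse_event, lines)):
            prog = ev["program"]
            if ev["sha256"] in self.known_bad:  # stage 1: known-threat database
                alerts.append({"type": "signature", "program": prog, "ts": ev["ts"]})
                continue
            pair = (ev["action"], resource_class(ev["resource"]))
            # stage 2: an operation this program never performed during learning
            # (an unknown program has an empty profile, so everything it does is novel)
            if pair not in self.baseline[prog] and (prog, pair) not in seen_novel:
                seen_novel.add((prog, pair))
                alerts.append({"type": "novel_behaviour", "program": prog,
                               "operation": pair, "ts": ev["ts"]})
            # stage 3: mass writes to user documents, a ransomware-like change in function
            if pair == ("WRITE", "user_documents"):
                doc_writes[prog] += 1
                if doc_writes[prog] == self.write_burst_threshold:
                    alerts.append({"type": "write_burst", "program": prog,
                                   "count": doc_writes[prog], "ts": ev["ts"]})
        return alerts


def _h(name):
    """Constructed stand-in for an executable's SHA-256 (just the hash of its name)."""
    return hashlib.sha256(name.encode()).hexdigest()


KNOWN_BAD_HASHES = {_h("constructed-known-bad-image")}  # constructed, not a real IoC

BASELINE_LOG = [  # constructed quiet-period activity
    f"2017-05-11T09:00:01 word.exe {_h('word.exe')} READ C:\\Users\\amy\\Documents\\q1.docx",
    f"2017-05-11T09:00:05 word.exe {_h('word.exe')} WRITE C:\\Users\\amy\\Documents\\q1.docx",
    f"2017-05-11T09:01:00 svchost.exe {_h('svchost.exe')} READ C:\\Windows\\System32\\drivers\\x.sys",
    f"2017-05-11T09:01:02 svchost.exe {_h('svchost.exe')} CONNECT tcp://10.0.0.5:445",
]

DETECTION_LOG = [  # constructed activity to evaluate
    f"2017-05-12T10:00:00 word.exe {_h('word.exe')} WRITE C:\\Users\\amy\\Documents\\q2.docx",
    f"2017-05-12T10:00:01 svchost.exe {_h('svchost.exe')} CONNECT tcp://10.0.0.7:445",
] + [
    f"2017-05-12T10:00:0{i} svchost.exe {_h('svchost.exe')} WRITE C:\\Users\\amy\\Documents\\f{i}.docx.locked"
    for i in range(2, 8)
] + [
    f"2017-05-12T10:01:00 dropper.exe {_h('constructed-known-bad-image')} WRITE C:\\Users\\amy\\Documents\\note.txt",
    "this line is malformed and is skipped by the parser",
]


def build_demo_detector():
    """Detector trained on the constructed baseline log."""
    det = HybridDetector(KNOWN_BAD_HASHES, write_burst_threshold=5)
    det.learn(BASELINE_LOG)
    return det


if __name__ == "__main__":
    for alert in build_demo_detector().detect(DETECTION_LOG):
        print(alert)
```

Running it yields three alerts: svchost.exe writing user documents (never seen in the baseline), a write burst once that program reaches five document writes, and a signature hit on dropper.exe. Calling `approve("svchost.exe", "WRITE", "user_documents")` silences the novelty alert on a re-run while the burst and signature alerts remain, which is the "adding to the database of known and verified program operations" step in practice. The burst threshold is deliberately crude; a real deployment would tune it per program from the learning window rather than use one global number.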

Deploy an incident response team that’s trained in tackling zero-day attacks

Irrespective of the kind of security measures you put in place, zero-day attack threats can’t be ruled out. So, it’s best to be prepared to meet the kind of challenges such an attack throws at you. Kind of like how the Astros were ready for the Dodgers in the World Series, but that is another topic.

  • Segregate responsibilities so that the response team’s members know what they need to do once chaos ensues.
  • Establish dependable means of communication, keeping only the relevant people involved, to prevent the spread of panic, without compromising on information flow.
  • Mock drills are a sound way to keep the incident response team’s machinery well-oiled. You do not have to wear people down and bore them to death, but you need to drill, and you need to have contingency plans in place for when a threat announces itself.
  • Invest in training of the team so that they can use the latest tools and technologies to limit the impact of zero-day attacks, and ensure business continuity in the process. Apple did this during the turn of the century when they went to Intel chips — their business kept running as they transitioned to Intel. Even Bill Gates was impressed with that!

Other measures you can take

Apart from what we’ve covered above, here are some other measures that will help you prevent zero-day attacks.

  • Never, we repeat — never, install any unnecessary software on your computer systems. Every computer program is a potential source of zero-day vulnerabilities. It’s a sagacious practice to review the list of software in use in your enterprise systems and uninstall those that aren’t needed.
  • Entrust people with the responsibility of ensuring that all used software is kept updated.
  • Though it’s very difficult to prevent an attack that exploits an unknown vulnerability in your applications, it’s possible and practical to deploy firewalls that report and foil any unauthorized and suspicious attempts to access your enterprise data.

Control the chaos

It’s estimated that by 2022, the proliferation of zero-day attacks will be so huge that cybersecurity experts will be faced with the challenge of addressing these issues on a daily basis. To be in a position to control the chaos, it’s vital that enterprises keep investing effort into implementing strong operational controls and executing thorough and periodic security audits to identify gaps and fill them.

Photo credit: Wikimedia
