How to Protect Yourself from Zero-day Attacks
When it comes to the different types of cyberattacks, zero-day exploits are the worst. I am terrified of them and hackers love them. When fully exploited the returns on a zero-day vulnerability are immeasurable.
All you have to do is check the price of a zero-day exploit on the black market to understand its value. In one instance discovered by researchers from the security firm Trustwave, a Russian hacker was demanding $90,000 for a local privilege escalation (LPE) vulnerability in Windows.
The exploit worked on all versions of Windows and would allow an attacker to gain remote access to a victim’s system and access resources that would otherwise be unavailable to them.
The black market aside, there are also legit exploit acquisition companies that will pay a fortune for a zero-day vulnerability.
One of the better-known ones is Zerodium, which pays anywhere from $10,000 to $2,500,000 depending on the popularity and security level of the affected system.
What is a zero-day exploit?
It’s an attack on systems that takes advantage of vulnerabilities that are unknown to the system developer and the system vendor.
And that is what makes zero-day attacks so devastating. From the time that the vulnerability is discovered to the time a fix is created, hackers have enough time to wreak havoc on systems.
Also, since the vulnerability was previously unknown, traditional antivirus software will be ineffective because it doesn’t recognize the attack as a threat. It relies on malware signatures already in its database to block attacks.
So, the only time traditional antivirus software can protect you against a zero-day attack is after an attacker has built malware around the flaw and carried out an initial attack.
But by then it will no longer be a zero-day threat, right?
So, what do I recommend instead? There are a number of steps you can take to protect yourself from zero-day threats and we will discuss all of them in this post.
It all starts with you switching to a next-generation antivirus that does not rely on traditional methods to stop attacks.
The Stuxnet attack
While we are talking about zero-day exploits, let me tell you about the greatest and most brilliantly executed zero-day attack: the Stuxnet attack.
It targeted a uranium plant in Iran and was created to sabotage Iran’s plan to build nuclear weapons. The worm used in the attack is believed to have been a collaborative effort between the US and Israeli governments, and it exploited four zero-day flaws in the Microsoft Windows operating system.
The incredible thing about the Stuxnet attack is that it transcended the digital realm and managed to cause damage in the physical world. It reportedly led to the destruction of about one-fifth of Iran’s nuclear centrifuges.
Also, the worm was intentional in its purpose in that it did little or no damage to computers that were not directly connected to the centrifuges.
It gets more interesting. The nuclear plants were air-gapped, meaning they were not directly connected to the internet. So the attackers targeted five Iranian organizations that were directly involved with the nuclear project and relied on them to spread the worm through infected flash drives.
Two variants of the Stuxnet worm have been discovered. The first was used in 2007 and managed to go undetected until the second one with significant improvements was launched in 2010.
The Stuxnet worm was finally discovered but only because it accidentally extended its attack scope beyond the Natanz nuclear plant.
The Stuxnet attack is an example of how zero-day vulnerabilities can be exploited unconventionally. It also highlights the effects of these types of attacks on corporations. These include lost productivity, system downtime, and loss of trust in the organization.
The more conventional ways that zero-day vulnerabilities are exploited include:
- To steal sensitive data
- To load malware onto systems
- To gain unauthorized access to systems
- To serve as a gateway for other malware
Examples of zero-day attacks in 2019
Operation Wizard Opium
This zero-day vulnerability was found in Google Chrome and allowed hackers to gain unauthorized access to the affected system.
The first instance of the vulnerability being exploited was discovered on a Korean news site by Kaspersky’s security solutions.
Hackers had injected the site with malicious code that checked whether readers visiting the site were using the targeted version of Google Chrome.
WhatsApp zero-day exploit
Hackers were able to exploit a vulnerability in WhatsApp that allowed them to inject spyware into the victim’s phone.
The attack is believed to have been perpetrated by an Israeli surveillance company called NSO Group, and it affected up to 1,400 people.
iOS zero-day exploit
In February 2019, Ben Hawkes, a security engineer at Google, disclosed on Twitter two iOS vulnerabilities that hackers were exploiting.
Both were addressed in the next version of the operating system, together with another vulnerability that allowed users to spy on other users simply by initiating a group FaceTime call.
Android zero-day exploit
Late in 2019, the Google Project Zero team discovered an exploit in Android that gave attackers full access to various types of phones, including Pixel, Samsung, Xiaomi, and Huawei devices.
These attacks were also linked to the Israeli firm NSO, but the company denied it.
Zero-day threats on smart home hubs
Two ethical hackers won a total of $60,000 at the annual Pwn2Own hacking contest after they successfully exploited a zero-day vulnerability on an Amazon Echo.
They triggered the exploit by connecting the Echo device to a malicious WiFi network. In the wrong hands, this exploit could be used to spy on you or take control of your smart home devices without your knowledge.
See how I deliberately gave examples of zero-day attacks targeting different types of systems? That is to prove to you that nobody is safe.
The threat is now even more imminent with the increased popularity of IoT devices which don’t include an easy way to apply patches. Developers are focusing more on functionality rather than security.
Measures you can take to protect yourself from zero-day attacks
1. Use Next-Generation Antivirus (NGAV) solutions
Unlike traditional solutions, NGAV programs don’t rely on existing databases to detect malware. Rather, they analyze the behavior of a program to determine whether it means to harm the computer.
To make things easier for you, I will recommend my top two NGAV solutions.
Best Antivirus programs to protect yourself against zero-day attacks
I love Bitdefender for a number of reasons. First, it’s one of the few security solutions that has been vetted by AV-TEST, an organization that tests and rates security solutions. Multiple solutions claim to use advanced signature-less detection methods, but for many it’s just a marketing stunt.
Bitdefender, on the other hand, has been proven to block 99% of all zero-day attacks and has registered the least number of false positives in several tests.
This antivirus solution also comes with an anti-exploit feature that focuses primarily on potentially vulnerable applications and will actively analyze any process acting on the application. If any suspicious activity is detected then you can configure the antivirus to automatically block it or you can choose to be notified so that you can choose the right action.
This antivirus is available in different packages depending on if you are using it in a home or work environment.
Norton is a complete security suite that will effectively guard you against all forms of cyberattacks.
The antivirus leverages an existing database of malware and behavioral analysis to protect you against known and unknown attacks.
It’s especially useful that Norton comes with a Proactive Exploit Protection (PEP) feature that adds an extra protection layer over the most vulnerable applications and systems.
This is further reinforced by the Power Eraser tool, which scans your computer and removes any high-risk application or malware that may have infected it.
Another impressive aspect of Norton is that it creates a virtual environment where it can test what various files do. It then uses machine learning to determine whether the file is malicious or healthy.
Norton antivirus is available in four plans and each one of them offers its own set of functionalities.
2. Windows Defender Exploit Guard
Normally, I am not one to recommend Windows default programs, but the addition of Exploit Guard to the Windows Defender Security Center has softened my resolve.
Exploit Guard is divided into four main components to guard against different types of attacks. The first is Attack Surface Reduction, which helps block attacks based on Office files, scripts, and emails.
It also comes with a network protection feature that analyzes all outbound connections and will terminate any connection whose destination looks suspicious. It is able to do this by analyzing the destination’s hostname and IP address.
On the downside, this feature will only work if you are using Microsoft Edge for browsing.
The other component is Controlled Folder Access that prevents malicious processes from accessing and modifying protected folders.
Lastly, Exploit Guard offers Exploit Mitigation, which works together with Windows Defender Antivirus and third-party antivirus products to reduce the effects of potential exploits on applications and systems.
These four components have facilitated the transformation of Windows Defender from a traditional antivirus to a next-generation security solution that analyzes the behavior of a process to determine whether it is malicious or not.
Admittedly, Windows Defender cannot take the place of premium third-party security solutions. But, it’s a nice alternative if you have a fixed budget.
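As an added example (not from the original post or from Microsoft), here is how the four Exploit Guard components described above can be configured and verified from an elevated PowerShell session with the built-in Defender cmdlets. The ASR rule GUIDs are Microsoft’s published rule IDs; the allow-listed application path is a hypothetical placeholder.

```powershell
# Added example: audit, then enable, the four Exploit Guard components.
# Run in an elevated PowerShell on Windows 10/11 with Windows Defender active.
$asrRules = @{
    'BE9BA2D9-53EA-4CDD-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript/VBScript from launching downloaded executables'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
}

# 1. Attack Surface Reduction: start in AuditMode so the event log shows what
#    would have been blocked; switch $mode to 'Enabled' once nothing legitimate fires.
$mode = 'AuditMode'
foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $mode
}

# 2. Network protection: blocks outbound connections to low-reputation hosts/IPs.
Set-MpPreference -EnableNetworkProtection Enabled

# 3. Controlled Folder Access: protect user folders from untrusted processes and
#    allow-list the legitimate app that must write there (hypothetical path).
Set-MpPreference -EnableControlledFolderAccess Enabled
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\Example\backup.exe'

# 4. Exploit Mitigation: system-wide DEP and Control Flow Guard defaults.
Set-ProcessMitigation -System -Enable DEP,CFG

# Verify the resulting configuration.
$p = Get-MpPreference
$p.AttackSurfaceReductionRules_Ids | ForEach-Object { '{0}  {1}' -f $_, $asrRules[$_] }
"Network protection: $($p.EnableNetworkProtection)  Controlled folder access: $($p.EnableControlledFolderAccess)"
Get-ProcessMitigation -System | Select-Object -ExpandProperty DEP

# Review what the components have fired on. Defender event IDs:
# ASR block 1121 / audit 1122, CFA block 1123 / audit 1124, network protection audit 1125 / block 1126.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121,1122,1123,1124,1125,1126
} -MaxEvents 20 -ErrorAction SilentlyContinue | Format-Table TimeCreated, Id, Message -AutoSize
```

Check the 1122/1124/1125 audit events for a few days before moving rules to block mode, so that line-of-business applications are allow-listed rather than broken.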
3. Regularly patch your systems
If a patch has already been released then it means the threat is no longer zero-day because the developers are aware of its existence.
However, it also means the vulnerability is now available to the public and anybody with the necessary skills can exploit it.
To ensure that the exploit cannot be used against you, you should apply the patch as soon as it is released.
I even recommend that you configure your system to actively scan for patches and automatically apply them if found. This will eliminate any delay between the time that a patch is released to the time that it is installed.
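As an added example (not from the original post), this elevated PowerShell script lists the updates that have been released but not yet installed on a Windows machine, and then sets the automatic-update policy so that future patches are downloaded and installed without waiting for a user. It uses the Windows Update Agent COM API and the standard WindowsUpdate\AU policy keys.

```powershell
# Added example: show the patch gap, then close it with automatic installation.
# Run in an elevated PowerShell; requires access to Windows Update or WSUS.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

"Pending updates: $($result.Updates.Count)"
foreach ($u in $result.Updates) {
    # MsrcSeverity is set for security updates (Critical/Important/...), empty otherwise
    $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
    '{0,-10} {1}' -f $sev, $u.Title
}

# Policy: NoAutoUpdate 0 = automatic updates on; AUOptions 4 = auto download and schedule install.
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
New-Item -Path $au -Force | Out-Null
Set-ItemProperty -Path $au -Name NoAutoUpdate -Value 0 -Type DWord
Set-ItemProperty -Path $au -Name AUOptions    -Value 4 -Type DWord
# Allow the scheduled restart even when a user is logged on, so the patch
# actually takes effect instead of waiting indefinitely.
Set-ItemProperty -Path $au -Name NoAutoRebootWithLoggedOnUsers -Value 0 -Type DWord

# Trigger a detection cycle now instead of waiting for the next scheduled check.
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
```

Re-run the first half of the script after the next maintenance window; a pending count of zero for Critical and Important items is the state you want to stay in.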