Zero-day Exploit (Cyber Security Attack)
In this IT era, the majority of cyberspace is vulnerable to many different kinds of attacks.
A zero-day exploit is a type of cyber security attack that occurs on the same day the software, hardware or firmware flaw is detected by the manufacturer. Because zero days have passed since the security flaw became known, the attack is termed a zero-day exploit or zero-day attack. This kind of cyber-attack is considered dangerous because the developer has not yet had the chance to fix the flaw. Zero-day exploits typically target large organizations, government departments, firmware, hardware devices, IoT, users with access to valuable business data, etc.
Working of Zero-day Exploit:
Software is developed and released without the knowledge that it contains a security vulnerability. An attacker identifies and exploits this vulnerability before the developers identify or fix it. While the vulnerability remains open and unpatched, the attacker exploits it to compromise the software, which can lead to data theft, unauthorized access or a crash of the software itself. After the attack, the public or the developer identifies it and works out a patch. The developer finalizes the fix and releases an update to safeguard its users.
Zero-day Exploit Detection:
The probability of detecting a zero-day exploit is low; in other words, the attack leaves little opportunity for detection. There are, however, a few ways to identify existing known vulnerabilities.
- Signature Based – In this method, the occurrence pattern of a known vulnerability is detected with the help of pattern matching. Even though this method cannot detect the malware code used in a zero-day exploit, it can detect known attacks such as SQL injection that may lead to a zero-day vulnerability. While a developer may not be able to detect a zero-day attack, the system firewall may be able to detect and protect against a few known attack types such as XSS, SQL injection, etc.
- Statistical Techniques – By monitoring normal activity, this technique learns the normal behavior of the network. When the system identifies a deviation from the normal profile, it reports the deviation as a possible exploit attempt.
- Behavior Based – The implementation of behavior-based detection typically depends on a ‘honeypot’. A honeypot is a security mechanism designed to detect the presence of hackers or hacking attempts.
- Hybrid Techniques – A hybrid technique combines the advantages of statistical, behavioral and traditional signature-based defense mechanisms. It is comparatively more effective, because the weakness of any single detection technique does not break the security.
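To make the signature-based, statistical and hybrid techniques above concrete, here is an added Python example (not code from the original article). It runs a signature check and a learned statistical baseline over constructed web-server log lines and combines the two the way a hybrid detector would. The log format ("client method path status"), the client addresses, the z-score threshold and the signature patterns are all assumptions made for this example. Note how the probing client matches no signature and is caught only by the statistical profile, which is the gap the hybrid approach is meant to close.

```python
import re
import statistics
from collections import defaultdict
from urllib.parse import unquote

# Constructed log lines in the assumed format "client method path status".
def _lines(client, n, path="/index.html", status=200):
    return [f"{client} GET {path} {status}" for _ in range(n)]

# Baseline window of normal traffic (constructed): 4-6 requests per client,
# an occasional 404.
BASELINE_LOG = (
    _lines("10.0.0.1", 4) + _lines("10.0.0.2", 4) + _lines("10.0.0.2", 1, "/missing", 404)
    + _lines("10.0.0.3", 6) + _lines("10.0.0.4", 5)
    + _lines("10.0.0.5", 3) + _lines("10.0.0.5", 1, "/old", 404) + _lines("10.0.0.6", 6)
)

# Observed window (constructed): normal clients, one request carrying a known
# SQL injection pattern, and one client probing many non-existent paths.
OBSERVED_LOG = (
    _lines("10.0.0.2", 5)
    + _lines("10.0.0.3", 7)
    + ["10.0.0.4 GET /login?user=admin'%20OR%20'1'='1 200"]
    + [f"203.0.113.9 GET /p{i} 404" for i in range(40)]
)

# Signature-based: regexes for well-known attack patterns (assumed, simplified).
SIGNATURES = {
    "sqli": re.compile(r"(?i)'\s*(or|and)\s+'?\w+'?\s*=|union\s+select"),
    "xss": re.compile(r"(?i)<script|javascript:|onerror\s*="),
}


def signature_hits(lines):
    """Return one hit per (line, rule) whose decoded path matches a signature."""
    hits = []
    for line in lines:
        client, _method, path, _status = line.split()
        decoded = unquote(path)  # match after URL-decoding so %27 is seen as '
        for rule, rx in SIGNATURES.items():
            if rx.search(decoded):
                hits.append({"client": client, "rule": rule, "path": decoded})
    return hits


def _features(lines):
    """Per-client feature vector: total requests and 4xx/5xx responses."""
    feats = defaultdict(lambda: {"requests": 0, "errors": 0})
    for line in lines:
        client, _method, _path, status = line.split()
        feats[client]["requests"] += 1
        if int(status) >= 400:
            feats[client]["errors"] += 1
    return feats


def learn_profile(lines):
    """Statistical technique: learn mean and std-dev of each feature from normal traffic."""
    feats = _features(lines)
    profile = {}
    for name in ("requests", "errors"):
        values = [f[name] for f in feats.values()]
        profile[name] = (statistics.mean(values), statistics.pstdev(values))
    return profile


def anomaly_hits(lines, profile, k=3.0):
    """Flag clients whose feature exceeds the baseline by more than k std-devs."""
    hits = []
    for client, f in _features(lines).items():
        for name, (mean, sd) in profile.items():
            value = f[name]
            if sd > 0:
                z = (value - mean) / sd
            else:  # degenerate baseline: any increase is a deviation
                z = float("inf") if value > mean else 0.0
            if z > k:
                hits.append({"client": client, "feature": name, "value": value, "z": round(z, 1)})
    return hits


def hybrid_detect(lines, profile):
    """Hybrid technique: union of signature hits and statistical anomalies."""
    return {"signature": signature_hits(lines), "anomaly": anomaly_hits(lines, profile)}


if __name__ == "__main__":
    prof = learn_profile(BASELINE_LOG)
    for source, alerts in hybrid_detect(OBSERVED_LOG, prof).items():
        for alert in alerts:
            print(source, alert)
```

The signature rule catches the SQL injection request from 10.0.0.4 but says nothing about 203.0.113.9, whose 40 requests and 40 error responses sit far above the learned profile and are reported only by the statistical check.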
Zero-day Exploit Prevention:
As zero-day exploits cannot be easily discovered, preventing them is difficult. There are hardly any ways to protect against a zero-day exploit, as we have no idea of its occurrence well in advance. We can reduce the level of risk by opting for any of the following strategies:
- Implementation of the IP security protocol (IPsec).
- Usage of virtual local area networks.
- Deployment of intrusion detection system (IDS) or intrusion prevention system (IPS).
- Usage of network access control protocols.
- Usage of security schemes such as Wi-Fi Protected Access 2.
- Keeping all systems up to date.
- Performing periodic vulnerability scanning.
Example Cases of Zero-day Exploit:
- CVE-2016-4117 – This zero-day attack exploited one of the previously undiscovered flaws in Adobe Flash Player.
- CVE-2016-0167 – This is a privilege escalation attack targeting the win32k graphics subsystem of Microsoft Windows.
- CVE-2017-0199 – This zero-day attack exploited one of the previously undisclosed vulnerabilities in Microsoft Office RTF documents.
- Stuxnet worm – This zero-day exploit targeted supervisory control and data acquisition (SCADA) systems.