What is a Zero-day Vulnerability?


A zero-day vulnerability is a security flaw in software for which the vendor has not yet released a patch. The name reflects the vendor's position: by the time the flaw is known to outsiders, the developer has had zero days to prepare a fix. Zero-days are found by security researchers and bug bounty hunters, but also by threat actors who have every reason to keep them quiet. It helps to keep three terms apart: a zero-day vulnerability is the flaw itself, a zero-day exploit is working code that abuses it, and a zero-day attack is that exploit used against a real target. The discovery of a zero-day vulnerability does not by itself mean that it is being actively exploited in the wild.

Once the flaw becomes known, the developer needs to move quickly to build, test and ship a patch. Attackers work just as fast to turn the flaw into a reliable exploit and use it to run malicious code on a device or gain a foothold in a network.

Many vulnerabilities exist long before anyone notices them. An attacker who finds one first may quietly develop and use an exploit for a long time before the vendor, or anyone else, is aware the flaw exists.

When a zero-day becomes public, it is normally assigned an entry in the Common Vulnerabilities and Exposures (CVE) list. A CVE record gives the vulnerability a unique identifier of the form CVE-year-number and a short description, so that vendors, scanners and advisories can all refer to the same flaw. A CVE entry describes the vulnerability; it does not by itself tell you whether a patch exists or whether the flaw is being exploited, so you still need the vendor's advisory for that.

Because a zero-day by definition has no vendor patch yet, you cannot simply patch your way out of one. You can, however, reduce the chance that an exploit succeeds and limit the damage when it does.

  • Deploy a vulnerability management and patching program. Keep an inventory of what software runs where, match it against vendor advisories and CVE entries, and automate the rollout of updates so that once a fix does exist it reaches every affected system without waiting for someone to remember.
  • Apply software updates promptly. Updates carry security fixes, firmware and driver updates, bug fixes and the removal of outdated features alongside new functionality; an update you have not installed protects nothing.
  • Use a layered security model so that one unpatched flaw is not enough for an attacker to succeed. Filter traffic at the perimeter with a firewall, run anti-virus or endpoint protection on end points, separate systems with VLANs and network segmentation so a compromised host cannot reach everything, and tightly control privileged user access.
  • Educate users in cybersecurity awareness, since many exploits are still delivered through a malicious attachment or link that a user has to open.
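As an added illustration of the first bullet (this is example code written for this page, not code from the original article or any vendor's product), here is a small Python script that does the core job of a vulnerability management program: it matches an inventory of installed software versions against advisories and ranks what to patch first. The inventory, the advisory list and the CVE identifiers in it are constructed for the example, and the advisory fields (affected_below, fixed_in, exploited) are an assumed format, not the CVE list's own.

```python
"""Added example: match a software inventory against advisories and
rank the findings. All data below is constructed for the example; the
CVE identifiers are placeholders, not real records, and the advisory
fields are an assumed format rather than the CVE list's own."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Advisory:
    cve_id: str               # identifier as it would appear in the CVE list
    package: str              # affected package name
    affected_below: str       # every version below this one is vulnerable
    fixed_in: Optional[str]   # None: no vendor patch yet, i.e. still a zero-day
    exploited: bool           # exploitation reported in the wild


@dataclass
class Finding:
    host: str
    package: str
    version: str
    cve_id: str
    action: str


# Priority order: an actively exploited flaw with a patch is fixed first;
# an exploited flaw without a patch needs compensating controls now;
# everything else is scheduled or watched.  Key: (exploited, fix_available)
ACTIONS = {
    (True, True): (0, "patch-now"),
    (True, False): (1, "mitigate"),
    (False, True): (2, "schedule"),
    (False, False): (3, "monitor"),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '11.2.5' into (11, 2, 5); a non-numeric component ends the parse."""
    parts: List[int] = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1; '1.2' and '1.2.0' compare equal (missing parts are 0)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_vulnerable(installed: str, advisory: Advisory) -> bool:
    return compare_versions(installed, advisory.affected_below) < 0


def assess(inventory: Dict[str, Dict[str, str]],
           advisories: List[Advisory]) -> List[Finding]:
    """Cross every host's installed packages with the advisories and
    return findings ordered by urgency, then host, package and CVE id."""
    ranked = []
    for host, packages in inventory.items():
        for adv in advisories:
            version = packages.get(adv.package)
            if version is None or not is_vulnerable(version, adv):
                continue
            rank, action = ACTIONS[(adv.exploited, adv.fixed_in is not None)]
            ranked.append((rank, host, adv.package, adv.cve_id,
                           Finding(host, adv.package, version, adv.cve_id, action)))
    return [f for *_, f in sorted(ranked, key=lambda r: r[:4])]


# Constructed sample data: placeholder CVE ids and invented package names.
ADVISORIES = [
    Advisory("CVE-0000-0001", "webfront", "2.4.1", "2.4.1", exploited=True),
    Advisory("CVE-0000-0002", "webfront", "2.5.0", None, exploited=True),
    Advisory("CVE-0000-0003", "dbcore", "11.3", "11.3", exploited=False),
    Advisory("CVE-0000-0004", "imagelib", "1.9", None, exploited=False),
]

INVENTORY = {
    "web-01": {"webfront": "2.3.9", "imagelib": "1.8.2"},
    "web-02": {"webfront": "2.4.1", "imagelib": "1.9"},
    "db-01": {"dbcore": "11.2.5"},
}

if __name__ == "__main__":
    for f in assess(INVENTORY, ADVISORIES):
        print(f"{f.action:10} {f.host:8} {f.package} {f.version} ({f.cve_id})")
```

The "mitigate" bucket is the zero-day case from the bullets above: the flaw is being exploited and there is nothing to install yet, so the only options are compensating controls such as blocking the affected service at the firewall, isolating the host in its own segment, or removing privileged access until a patch ships. Real deployments would feed the advisory list from vendor feeds rather than a hard-coded table.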

Lastly, should you fall victim to an exploit, have an incident response plan in place so that you can contain the damage and recover quickly. A well-planned incident response saves time, money and headaches.

Resources

cve.mitre.org
2021 Has Broken the Record for Zero-day Hacking Attacks