liampost
What is a Zero-Day Attack?
There are many types of security vulnerabilities and opportunities for cyberattacks. Businesses are responsible for protecting their organizations against these attacks, both to meet regulatory compliance obligations and to keep their employees, customers, and proprietary data safe. One of the most difficult flaws to protect against is a zero-day vulnerability: a flaw the vendor does not yet know about, so no patch exists for it.
Ordinarily, when someone discovers that a software program contains a potential security issue, that person or company notifies the software vendor (and sometimes the world at large) so that action can be taken. Given time, the vendor can fix the code and distribute a patch or software update. Even if potential attackers hear about the vulnerability, it may take them some time to build a working exploit; meanwhile, the fix will hopefully become available first. Sometimes, however, an attacker is the first to discover the vulnerability. Since the flaw is not known in advance, there is no patch to apply before the exploit is used; generic hardening (least privilege, sandboxing, network segmentation) can limit what a successful exploit achieves, and organizations exposed to such exploits can institute procedures for early detection.
Security researchers cooperate with vendors and usually agree to withhold the details of a vulnerability for a reasonable period before publishing them. Google Project Zero, for example, follows a published policy that gives vendors 90 days to patch a vulnerability before the finder publicly discloses the flaw. For critical vulnerabilities that are already being actively exploited, Project Zero allows only seven days before publishing, and in rare cases the deadline can be shorter still. (Source: TechTarget)
Why zero-days are dangerous
A zero-day gets its name from the number of days the vendor has had to fix the flaw before it is exploited or disclosed: zero. Once the vendor ships a security patch, the bug is no longer a zero-day (or "oh-day," as the cool kids like to say); it joins the endless legions of patchable but unpatched bugs.
In the past, say ten years ago, a single zero-day was often enough for full remote compromise of a target. This made discovery and possession of any given zero-day extremely powerful.
Today, exploit mitigations in consumer operating systems such as Windows 10 and Apple's iOS (sandboxing, address space layout randomization, code signing, and the like) mean that an attacker usually has to chain several lesser zero-days together, each defeating one layer, to gain complete control of a target. This has driven the black-market price of a remote code execution zero-day for iOS to astronomical levels. (Source: CSO Online)
What Does Zero-day Mean For My Organization?
Both zero-day vulnerabilities and the exploits written for them are extremely valuable. Criminal hackers and spies engaged in state-sponsored or corporate espionage rely on them to carry out attacks and compromise sensitive data. Zero-days are becoming more common, partly because of the emergence of a large market for buying and selling zero-day vulnerabilities and the corresponding exploits.
While zero-day exploits are becoming increasingly common, a recent CSO Online article points out that many businesses are ill-prepared to defend against zero-day attacks, primarily because “much of the conventional wisdom about security is reactive and most of the security tools available are only effective against known threats.” Enterprises that take a proactive approach to security are better prepared to defend against determined attackers.
The best defense against zero-day attacks is therefore one focused on detection and response: signature-based prevention cannot stop an exploit nobody has seen yet, although exploit mitigations, least privilege and segmentation still limit how far it gets. Data visibility is key to early detection of a zero-day attack or compromise. By monitoring all data access and activity for anomalous behavior, enterprises can identify and contain compromises before data is lost and the damage is done. (Source: Digital Guardian)
The following are key signs a company may see when attacked with a zero-day exploit:
Unexpected, legitimate-looking traffic, or substantial scanning activity, originating from a client or a server.
Unexpected traffic on a legitimate, well-known port (for example, a server that only ever accepted connections on port 443 suddenly initiating connections on it to an address nobody recognizes).
The same behavior from the compromised client or server even after the latest patches have been applied, which suggests the flaw being exploited is one the vendor has not yet fixed.
In such cases, it is best to analyze the behavior with the affected vendor's assistance to establish whether it is due to a zero-day exploit. (Source: Computerworld)
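The three signs above can be turned into concrete checks over connection logs. The following is an added example written for this page, not code from the original post or from the articles it cites. It assumes (my assumptions) that each flow is recorded as "ISO-time src dst dport", that a short known-good period supplies a per-host baseline, and that the scan thresholds and the patch timestamp are illustrative; every IP address and flow record is constructed.

```python
"""Added example (not from the original post or the articles it cites):
flag the three zero-day indicators listed above in simple connection logs.
Assumptions, all mine: a flow is 'ISO-time src dst dport', one per line;
a short known-good period supplies the baseline; thresholds are illustrative.
All addresses and flows below are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed known-good traffic used to learn what each host normally does.
BASELINE_FLOWS = """\
2024-03-01T09:00:01 10.0.1.20 10.0.2.5 443
2024-03-01T09:00:09 10.0.1.21 10.0.2.5 443
2024-03-01T09:00:15 10.0.2.5 10.0.0.53 53
2024-03-01T09:00:20 10.0.1.20 10.0.2.7 22
"""

# Constructed traffic to inspect; it straddles the patch time below.
OBSERVED_FLOWS = """\
2024-03-01T13:00:00 10.0.2.5 203.0.113.9 443
2024-03-01T13:00:01 10.0.1.20 10.0.2.5 443
2024-03-01T13:05:00 10.0.2.5 10.0.2.7 22
2024-03-01T13:05:01 10.0.2.5 10.0.2.7 23
2024-03-01T13:05:02 10.0.2.5 10.0.2.7 445
2024-03-01T13:05:03 10.0.2.5 10.0.2.7 3389
2024-03-01T13:05:04 10.0.2.5 10.0.2.7 8080
2024-03-01T13:05:05 10.0.2.5 10.0.2.7 5900
2024-03-02T08:00:00 10.0.2.5 203.0.113.9 443
2024-03-02T08:10:00 10.0.1.21 10.0.2.5 443
"""

PATCH_APPLIED = datetime(2024, 3, 2, 2, 0, 0)  # when the latest patches went on
LEGIT_PORTS = {53, 80, 443}                    # ordinary service ports
SCAN_PORTS = 5                                 # distinct ports from one source ...
SCAN_WINDOW = timedelta(seconds=60)            # ... within this window = a scan


def parse_flows(text):
    """Turn 'ISO-time src dst dport' lines into (datetime, src, dst, int) tuples."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, dport = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def learn_baseline(flows):
    """Per source host, the (dst, dport) pairs seen in the known-good period.
    A real baseline must be long enough not to alert on rare but legitimate flows."""
    baseline = defaultdict(set)
    for _, src, dst, dport in flows:
        baseline[src].add((dst, dport))
    return baseline


def detect_scans(flows):
    """Sign 1: one source touching >= SCAN_PORTS distinct ports within SCAN_WINDOW.
    One alert per source, at the moment the threshold is first crossed."""
    recent = defaultdict(list)  # src -> [(ts, dport)] still inside the window
    alerts, alerted = [], set()
    for ts, src, _dst, dport in sorted(flows):
        window = [(t, p) for t, p in recent[src] if ts - t <= SCAN_WINDOW]
        window.append((ts, dport))
        recent[src] = window
        if src not in alerted and len({p for _, p in window}) >= SCAN_PORTS:
            alerted.add(src)
            alerts.append(("scan", src, ts))
    return alerts


def detect_unexpected_legit_port(flows, baseline):
    """Sign 2: traffic on an ordinary service port to a (dst, port) pair the
    source never used in the baseline, e.g. a server that only ever served
    443 starting to call out on 443 to an address nobody recognizes."""
    return [("unexpected_legit_port", src, ts)
            for ts, src, dst, dport in flows
            if dport in LEGIT_PORTS and (dst, dport) not in baseline[src]]


def persisting_after_patch(alerts, patch_time):
    """Sign 3: hosts that alerted both before and after the latest patches."""
    before, after = set(), set()
    for _kind, src, ts in alerts:
        (after if ts >= patch_time else before).add(src)
    return before & after


def analyze(baseline_text, observed_text, patch_time):
    """Run all three checks and return the findings keyed by indicator."""
    baseline = learn_baseline(parse_flows(baseline_text))
    observed = parse_flows(observed_text)
    scans = detect_scans(observed)
    unexpected = detect_unexpected_legit_port(observed, baseline)
    return {"scans": scans,
            "unexpected_legit_port": unexpected,
            "persisting_hosts": persisting_after_patch(scans + unexpected, patch_time)}


if __name__ == "__main__":
    findings = analyze(BASELINE_FLOWS, OBSERVED_FLOWS, PATCH_APPLIED)
    for kind in ("scans", "unexpected_legit_port"):
        for _kind, src, ts in findings[kind]:
            print(f"{ts.isoformat()} {kind:22} {src}")
    print("still anomalous after patch:", sorted(findings["persisting_hosts"]))
```

In the constructed data the server 10.0.2.5 calls out on 443 to an unknown external address, sweeps six ports on a neighbour within seconds, and repeats the outbound 443 connection after the patch window, so it is the only host reported under all three signs; the clients' ordinary 443 traffic matches the baseline and stays quiet. The baseline-then-compare structure is the part worth keeping: any rule that only knows signatures of past exploits has nothing to match against a zero-day, whereas a deviation from a host's own normal behaviour is visible regardless of which flaw was used.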
Zero-day exploits are a challenge for even the most vigilant systems administrator. However, having the proper safeguards in place, above all visibility into what hosts and users normally do, can greatly reduce the risks to critical data and systems.