What are Zero-Day Exploits?
A zero-day exploit, also known as a zero-day vulnerability, is an unknown exploit that exposes a vulnerability in software or hardware that can create complicated problems well before anyone realizes something is wrong. Attackers create malware before the developers have an opportunity to create a patch to fix the vulnerability. Here’s a breakdown of the steps of the window of vulnerability.
- A company’s developers create software, but unknowingly create vulnerabilities within the software.
- A cyber criminal spots that vulnerability before the developer and acts on it before the company has a chance to fix it.
- The attacker writes and implements an exploit code before the developers create a patch for the vulnerability.
- Once the exploit is released, it is usually not recognized until a member of the public becomes a victim of identity or information theft or a developer catches it and creates a patch to stop the threat.
Recent Zero-Day Exploit
Adobe Flash Player
On May 8, 2016, a vulnerability was detected in Adobe Flash Player. Attackers had embedded the Flash exploit inside a Microsoft Office document, and the attackers could then disseminate their exploit via email attachment or URL. While the exploit resided within Adobe, attackers designed this attack for a user running Windows and Microsoft Office.
The summarized exploit chain is as follows:
- The victim opens the malicious Office document
- The exploit runs embedded native shellcode
- The shellcode downloads and executes a second shellcode from the attacker’s server
- The second shellcode:
- Downloads and executes malware
- Downloads and displays a decoy document
- The malware connects to a second command and control server and waits for further instructions from the attacker
- The attacker now has complete control over the victim machine
Zero-Day Exploits For Sale
Zero-day exploits are now creating their own market, as anyone with very little technology know-how can purchase these kits.
Mitnick’s Absolute Zero-Day Exchange
Accord to their website, Mitnick’s Absolute Zero-Day Exploit Exchange is an exclusive brokerage service through which you can buy and sell zero-day exploits. Due to Mitnick Security’s unique positioning among security researchers and the hacker community, they can offer specialized brokering services by connecting discerning government and corporate buyers with senior security researchers and exploit developers.
$90,000 Zero-Day Exploit for Windows
For only $90,000, you can purchase a zero-day exploit that is supposed to work on all versions of Windows. An individual going by the name of ‘BuggiCorp’ is selling the exploit on a Russian underground forum and has it tabbed as “an exploit that can affect almost all Windows machines on the planet” which is currently over 1.5 billion users.
Currently, there’s no way to tell if the zero-day exploit is the real deal without purchasing it or waiting for it to show up in the underground. However, the forum does provide two proof videos. In the first video, a fully updated Windows 10 computer is shown being successfully exploited by the program. Even more impressive, the video was recorded on ‘Patch Tuesday’ with all the updates installed. As for the second video, the exploit is shown to be working on a Windows box running Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and successfully bypassing EMET protection.
How to Protect Against Zero-Day Exploits
Zero-day exploits are possibly the hardest form of cyberattacks to protect against as the cyber criminals prey on vulnerabilities in software that have yet to be discovered by the developers. However, you can take preventative steps against zero-day exploits.
- Use application whitelisting to allow only known good applications to run. This is the only way to stop exploits from executing their payload.
- Update your software – perhaps the easiest way for cybercriminals to get access to your computer or network is through a program that has previously been exposed, but you have continuously put off updating. If you have software that you trust and the company sends you a notice to update your version, do it!
- Use only updated browsers – Firefox, Chrome, and Internet Explorer all push out automatic updates of their browsers on a regular basis. These updates often include patches to newly discovered vulnerabilities. However, most of these are updated in the background, meaning they update automatically when you close or reopen your browser. Leaving your browsers open for several days at a time is running the risk of missing these updates.
