WatchPoint Security Blog

Zero Hour for Zero Day Hackers

Written by Greg Edwards | March 23, 2015

Zero Day Vulnerability; even the phrase is enough to send shivers down the spine of the most security-savvy of us. But what is it? Is it just another piece of scaremongering from an overzealous security industry? Well, I am here to tell you, it certainly is not. It is scary. It can cause data corruption, data leakage and massive financial losses.

A Zero Day Vulnerability is, in a nutshell, a software bug that hasn't been discovered by the company who developed the software. Instead, it is found by a hacker, watching and waiting for software releases containing Zero Day Vulnerabilities, in the hope of exploiting them. These exploits result in two possible outcomes, either; the hacker will sell the details of the Zero Day Exploit to the vendor, or they will sell the information about the exploit on the black market to cyber thieves and even competitive companies, often making quite a bit of money in the transaction. More often the hacker will opt for the latter, as many companies now threaten the hacker with an extortion lawsuit. The choice of a lawsuit or thousands of dollars is a no brainer for the hacker.

Many of the largest software companies have had Zero Day Vulnerability issues in their software, including Adobe, Microsoft and Sony. ‘Heartbleed’ is a famous vulnerability that made the headlines, causing significant insecurities around SSL traffic – hitting at the heart of our online security. Another recent example of a Zero Day Vulnerability that may have affected you was in the Microsoft browser, Internet Explorer (IE). This exploit reeled folks in by sending a type of phishing email. If they clicked on the email link (and let’s face it many people do) they would be taken to a site which then exploited this IE flaw and ran malicious code on their computer – resulting in installed software taking control of their computer, potentially getting ahold of various login details, data and so on; nasty stuff. The problem is the lag between the exploit of the Zero Day Vulnerability and the patch to fix it. ‘Patch Tuesday’ as Microsoft’s patch day has become known, is less than perfect. In the linked article, you can read about the flaws in the patching process and how even critical patches often are not installed correctly. In most environments, a patch management system is a much more effective way of deploying patches.

So - how is the industry responding to this chaos? Well, a number of initiatives have been started. Google has launched Project Zero, which is a group of security researchers working full time to find issues across the Internet. Any they find will be accessible in a dedicated database of vulnerabilities, giving the details to the vendor first to allow them to fix the exploit and then monitor the situation. And of course Google benefits from using the research to identify market opportunities and trends.

Even President Obama is joining in the crusade against Zero Day Vulnerability exploits by approaching private security firms to create a partnership with the federal government.

It is also interesting to note that the 2015 HP Cyber Risk Security Report stated that only 1% of known infections were from Zero Day Vulnerabilities. The problem is that these are from old vulnerabilities, left to be found and exploited. Of course, they can no longer be called ‘Zero Day’, but they will cause you to have a very long day if you get caught out by them.

So what are some practical ways that you can protect yourself and your company?

  1. Make sure that your software is always up to date.
  2. Install patches immediately when they become available. Patches generally signify vulnerability in software, making them critical updates to protect your system from breaches.
  3. Use a patch management system that will automatically update stations and servers.

One of the problems you may find is keeping all of your devices up to date. It is a real challenge for businesses of any size, and especially challenging if you lack an IT department. This is where WatchPoint Data comes in. We help businesses keep their systems current, and more importantly, keep our customers in the know about critical updates and issues that are potential Zero Day Vulnerabilities, letting you get on with your core business.