Any attack that takes advantage of the “window of opportunity” produced by recently discovered vulnerabilities is called a Zero-Day attack. In other words, a rapid attack that is deployed by cybercriminals before security experts have been able to patch up the vulnerability… or even before they’ve heard of the attack.
Any attack of this type if the dream of any hacker, given that it guarantees instant fame (sometimes these vulnerabilities are spread on the Deep Web), and is known for its ability to be destructive (when it’s used for the hacker’s own benefit). They are also a useful resource for certain governments to sabotage foreign systems or businesses.
The path to finding Zero Days
Protection against these attacks is so important that large technology companies employ their own in-house teams of hackers who compete against cybercriminals to detect and locate Zero Day vulnerabilities before they are exploited.
The objective for these teams is to develop the appropriate patch or to make the affected software provider aware of the problem. Google, for example, has its own dream team of hackers called Project Zero, led by Chris Evans and also includes other well-known hackers such as George Hotz (winner of the biggest prize in history for the detection of a vulnerability), Tavis Ormandy, Ben Hawkes, and Brit Ian Beer. Other companies, such as Endgame Systems, Revuln, VUPEN Security, Netragard, or Exodus Intelligence dedicate themselves to the detection of these threats.
It’s important to keep in mind another aspect of the Zero Day vulnerabilities – if the hackers that discover it decide not to spread it and choose a more discrete method to exploit it, the users could be weeks, months, or years exposed to an unknown vulnerability (this is the basis of APTs, or Advanced Persistent Threats).
How to protect ourselves against Zero Day attacks
As mentioned above, this is precisely where the danger of these Zero Day attacks rests. Just as it is impossible to make a vaccine for them, or that we know that it exists but we don’t know what caused it, traditional security tools (such as an antivirus), are unable to deal with a possible malware that is still unidentified.
However, there are a few steps and measures that could help us to reduce our exposure to Zero Day based attacks.
- Never install unnecessary software: each software installed on your system is a window of entry for a potential Zero Day. It’s recommended that you review the list of software once in a while and uninstall those that you no longer use.
- Keep updated: the software that you keep should always be updated to the latest version.
- Use a reliable firewall: if it is impossible to detect a malware that comes from an unknown vulnerability, maybe we could detect a suspicious connection and stop it before it’s too late.
However, going beyond that, it is fundamental that our systems have an additional protection barrier in place that doesn’t depend on technology based on signatures to detect malicious software. With this in mind, Panda has developed Adaptive Defense 360, which is based on a distinct focus: the monitoring of every application and the real time analysis of its behavior with machine learning techniques and Big Data platforms.
This lets Adaptive Defense 360 offer two types of blocking:
- Basic Block Mode, which allows both software tagged as goodware and others to run without being cataloged by the automated systems and Panda Security’s personal expert.
- Extended Block Mode, which only allows for the running of applications cataloged as goodware.