By Dr. Samir Kelekar, Senior Consultant, Indusface
Zero Day Vulnerability
Google announced a new project for funding vulnerability research, Project Zero. The main aim of the project is to make the web a safer place for users by focusing on “zero-day” vulnerabilities and “zero-day” attacks. Chris Evans, Researcher Herder at Google, said that the objective of Project Zero is to significantly reduce the number of people harmed by targeted attacks.

What is a Zero-Day Vulnerability?

A zero-day vulnerability is a vulnerability which is not yet known to the security vendors and therefore has no patch ready. This means that hackers can exploit it to access the affected application’s data. The term zero-day is used because the security vendor has known about the vulnerability for zero days and therefore has no fix for it.

When an attacker exploits a zero-day vulnerability, the attack is referred to as a zero-day attack or threat.

More on Zero-Day Vulnerabilities

To make things clearer, we will describe in more detail what a zero-day vulnerability is and how it comes into existence. A weakness or flaw in a system which leaves it open to attack by hackers is referred to as a vulnerability. Software companies devote a lot of time and money to fixing these vulnerabilities promptly, before they catch the eye of cybercriminals, but code is very complex, and sometimes a vulnerability can lie in the code undetected for years. The most recent and well-known example of this is Heartbleed, a critical vulnerability which allows a malicious user, using a client, to get 64K of memory, containing sensitive data, from the server. Although Heartbleed had existed in the OpenSSL software for about two years, it was discovered only in April 2014.

Once a vulnerability is found by the security vendor, they release a patch to fix it as a software update. It’s as simple as that!

But complications arise when the vulnerability is not discovered by the good guys first. Normally, when someone finds a flaw in software which can potentially be exploited, they inform the respective software company so that it can be fixed. Many companies, including Google, offer financial and recognition-related incentives in the form of a “bug bounty” to such informers.

If the same flaw is discovered by a miscreant, they try to use it for personal gain and to keep the vulnerability hidden for as long as possible, thereby gaining the opportunity to exploit it to the maximum. Let us share an example of this scenario with you. In 2012, a hacker announced that he had discovered an XSS flaw in Yahoo which could be exploited to hijack Yahoo webmail users’ accounts. He announced that he was ready to sell the information about this flaw to a “serious contender” for $700. The reason for this specific request was that Yahoo at that time had been unable to find the vulnerability, and the hacker wanted to keep it that way for as long as he could!

How to Protect against Zero-Day Attacks

An attack which occurs through exploitation of a zero-day vulnerability is known as a zero-day attack. Here the exploit happens on the “zeroth” day of the developer’s knowledge of the vulnerability.

Since you do not know about the vulnerability, you cannot protect yourself against it directly. However, there are certain steps one can follow for early detection or to minimize the possibility of a zero-day attack:

  1. Keeping software up to date with the latest updates and patches is important.
  2. Do not click on unknown attachments and links. Caution needs to be taken even if the content is from known users, as there are more than enough incidents where cybercriminals have assumed the identity of a familiar person and spread viruses or malware.
  3. Have a good anti-virus in place to block such attacks.
  4. Operate on sites which are secured with Secure Sockets Layer (SSL).
  5. Many companies provide support for projects that work on providing information about upcoming attacks.
  6. Go for multi-layer protection with web application firewalls.
  7. Scan your applications periodically for malware and vulnerabilities. The best defense is offense, therefore fix any new vulnerability before someone else finds it.
  8. Protect the content of individual transmissions with the help of Virtual LANs.
  9. Always use password-protected Wi-Fi.
  10. Perform penetration testing on your applications. This will help you find the weak points in your security and fix them before the hackers do.

Given that zero days may not be preventable even after all the standard precautions are taken, one needs to check for the after-effects and possibly catch them. For instance, what would a hacker do after breaching the security via a zero-day exploit? He would possibly try to download the whole database of users, or financial information in the case of a website. A Data Loss Prevention (DLP) product could possibly catch and prevent such downloads. One could also look for anomalies in logs. Some SIEM (security information and event management) products have sophisticated log correlation capabilities that look for anomalies in traffic. With computing power and storage available in plenty, there are companies which use machine learning techniques to look for unusual activities.
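As an added illustration of the log-anomaly idea above (this is example code written for this page, not an Indusface product or a real SIEM rule), the script below reads constructed web access log lines in the common log format, totals the bytes each client has pulled, and flags any client whose egress is far above the median client, which is the kind of post-breach bulk download the paragraph describes. The log lines, the `/export` endpoint and the thresholds are all assumptions made up for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample access log (not real data): one client repeatedly hits a
# data-export endpoint and moves far more bytes than everyone else.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jul/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120
10.0.0.6 - - [12/Jul/2014:10:01:05 +0000] "GET /account HTTP/1.1" 200 8200
10.0.0.7 - - [12/Jul/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 5120
10.0.0.6 - - [12/Jul/2014:10:01:15 +0000] "POST /login HTTP/1.1" 302 310
10.0.0.9 - - [12/Jul/2014:10:02:00 +0000] "GET /export?table=users&page=1 HTTP/1.1" 200 2097152
10.0.0.9 - - [12/Jul/2014:10:02:03 +0000] "GET /export?table=users&page=2 HTTP/1.1" 200 2097152
10.0.0.9 - - [12/Jul/2014:10:02:06 +0000] "GET /export?table=users&page=3 HTTP/1.1" 200 2097152
10.0.0.9 - - [12/Jul/2014:10:02:09 +0000] "GET /export?table=cards&page=1 HTTP/1.1" 200 2097152
10.0.0.5 - - [12/Jul/2014:10:02:30 +0000] "GET /about HTTP/1.1" 200 4096
"""

# Common log format: client ident user [time] "method path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)$')

def parse(lines):
    """Yield (client, method, path, status, bytes) for each well-formed line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, method, path, status, size = m.groups()
            yield ip, method, path, int(status), 0 if size == "-" else int(size)

def per_client_totals(lines):
    """Sum successful-response requests and bytes per client address."""
    totals = defaultdict(lambda: {"requests": 0, "bytes": 0})
    for ip, _method, _path, status, size in parse(lines):
        if status < 400:  # only responses that actually delivered data count
            totals[ip]["requests"] += 1
            totals[ip]["bytes"] += size
    return totals

def flag_bulk_readers(lines, factor=10.0, min_bytes=1_000_000):
    """Return clients whose egress exceeds factor x the median client and min_bytes."""
    totals = per_client_totals(lines)
    if not totals:
        return []
    baseline = median(t["bytes"] for t in totals.values())  # robust to one outlier
    return sorted(ip for ip, t in totals.items()
                  if t["bytes"] >= min_bytes and t["bytes"] > factor * max(baseline, 1))

if __name__ == "__main__":
    for ip in flag_bulk_readers(SAMPLE_LOG.splitlines()):
        print("possible bulk data pull from", ip)
```

The median baseline keeps a single heavy downloader from inflating the threshold it is measured against; a real deployment would compute totals per time window and per authenticated user rather than per address.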

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO at Indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various management/leadership roles in Product Development, Professional Services and Sales at Entrust.