In this IT era, the majority of cyberspace is vulnerable to many different kinds of attack.
A zero-day exploit is a type of cyber-security attack that occurs on the same day the software, hardware or firmware flaw is discovered by the manufacturer. Because zero days have passed since the security flaw became known, and it has therefore not been patched, the attack is termed a zero-day exploit or zero-day attack. This kind of cyber-attack is considered dangerous because the developer has not had the chance to fix the flaw. Zero-day exploits typically target large organisations, government departments, firmware, hardware devices, IoT devices, users with access to valuable business data, etc.
Working of a Zero-day Exploit:
Software is developed and released without anyone knowing that it contains a security vulnerability. An attacker identifies and exploits this vulnerability before the developers identify or fix it. While the vulnerability is still open and unpatched, the attacker takes advantage of the situation and releases malware that attacks the software. After the attacker has attacked the target, the public or the developer identifies the attack and tries to work out a patch. The developer identifies the fix and releases an update to safeguard its users.
Zero-day Exploit Detection:
Detection of a zero-day exploit is rare; in other words, the attack leaves no opportunity for detection. But there are a few ways to identify existing known vulnerabilities.
- Signature Based –
In this method, the occurrence pattern of a known vulnerability is detected with the help of pattern matching. Even though this method cannot detect the malware code used in a zero-day exploit, it can detect known attacks, such as SQL injection, that may lead to a zero-day vulnerability. While a developer may not be able to detect a zero-day attack, the system firewall may be able to detect and protect against a few known attack types such as XSS, SQL injection, etc.
- Statistical Techniques –
By monitoring normal activity, this technique learns the normal behavior of the network. When the system identifies any deviation from the normal profile, it reports a probable vulnerability.
- Behavior Based –
The implementation of behavior-based detection typically depends on a ‘honeypot’. A honeypot is a security mechanism that is developed to detect the presence of hackers or hacking attempts.
- Hybrid Techniques –
This hybrid technique uses the advantages of the statistical, behavior-based and traditional signature-based defense mechanisms. It is comparatively more effective, as the weakness of any single detection technique will not break the security.
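As an added illustration of the hybrid approach (this is not code from the original article), the following toy Python detector combines a signature rule set for known attack classes with a statistical request-rate baseline, run over a constructed access log. The log format, the regexes and the z-score threshold are assumptions made for the example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Signature rules: crude regexes for two of the known attack classes named above.
SIGNATURES = {
    "sqli": re.compile(r"('|%27)\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<script|javascript:|onerror\s*=", re.I),
}

def signature_hits(request):
    """Names of the signature rules matched by one request line."""
    return [name for name, rx in SIGNATURES.items() if rx.search(request)]

def statistical_outliers(per_host_counts, z_threshold=2.0):
    """Hosts whose request count deviates from the learned baseline.
    The baseline is the mean and standard deviation over all hosts seen."""
    counts = list(per_host_counts.values())
    if len(counts) < 2:
        return []
    mu, sigma = mean(counts), pstdev(counts)
    if sigma == 0:
        return []
    return [h for h, c in per_host_counts.items() if (c - mu) / sigma > z_threshold]

def hybrid_detect(log_lines):
    """Run both techniques; returns {host: set of reasons it was flagged}."""
    alerts, per_host = {}, Counter()
    for line in log_lines:
        host, _, request = line.partition(" ")
        per_host[host] += 1
        for name in signature_hits(request):
            alerts.setdefault(host, set()).add("signature:" + name)
    for host in statistical_outliers(per_host):
        alerts.setdefault(host, set()).add("statistical:request-rate")
    return alerts

# Constructed sample log, one "<client-ip> <request>" entry per line:
# eight hosts with two ordinary requests each, two of which carry attack
# payloads, plus one host hammering an API endpoint 40 times.
SAMPLE_LOG = (
    ["10.0.0.%d GET /index.html" % i for i in range(1, 9)]
    + ["10.0.0.%d GET /about" % i for i in (1, 4, 5, 6, 7, 8)]
    + ["10.0.0.2 GET /login?user=admin' OR 1=1--",
       "10.0.0.3 GET /search?q=<script>alert(1)</script>"]
    + ["10.0.0.9 GET /api/item/%d" % i for i in range(40)]
)
```

Calling `hybrid_detect(SAMPLE_LOG)` flags two hosts by signature and the noisy host by its request rate; a real deployment would build the baseline from a training window rather than from the same log it scores.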
Zero-day Exploit Prevention:
As zero-day exploits cannot be easily discovered, preventing them is difficult. There are hardly any ways to protect against a zero-day exploit, as we have no idea of its occurrence well in advance.
We can reduce the level of risk by opting for any of the following strategies:
- Implementation of the IP security protocol (IPSec).
- Usage of virtual local area networks.
- Deployment of intrusion detection system (IDS) or intrusion prevention system (IPS).
- Usage of network access control protocols.
- Usage of security scheme such as Wi-Fi Protected Access 2.
- Keeping all systems up to date.
- Performing periodic vulnerability scanning.
Example Cases of Zero-day Exploit:
- CVE-2016-4117 –
This zero-day attack exploited a previously undiscovered flaw in Adobe Flash Player.
- CVE-2016-0167 –
This is an elevation-of-privilege attack targeting the win32k Windows graphics subsystem of Microsoft Windows.
- CVE-2017-0199 –
This zero-day attack exploited a previously undisclosed vulnerability in Microsoft Office RTF documents.
- Stuxnet worm –
This zero-day exploit targeted supervisory control and data acquisition (SCADA) systems.