One attack whose impact and criticality nobody can predict in advance is the zero-day attack. It is important to understand what a zero-day is and how to be prepared for one once it is published. Let us look into the details.

What are "Zero-day Attacks"?


Zero-day and 0-day are used interchangeably throughout the security industry. A zero-day is a vulnerability in a piece of software that is not known to the developer or maker (the vendor of the software), so no patch exists for it yet. When bad actors use such a vulnerability to attack a system, the attack is called a "zero-day attack".

What is the timeline of a vulnerability?


Let us split the timeline of a vulnerability into four points:

  • t0 : The vulnerability is discovered (by anyone).
  • t1a: A security patch is published (e.g., by the software vendor).
  • t1b: An exploit becomes active.
  • t2: Most vulnerable systems have applied the patch.

The window of vulnerability is t2 - t1b: the time during which an active exploit can hit systems that have not yet applied the patch.
When the patch comes first (t1a before t1b), the interval t1b - t1a is the best opportunity for an organization to protect its systems by applying the patch on the affected systems before any exploit is active. In a true zero-day the order is reversed: the exploit is active before a patch exists, so that comfortable interval is not available and every day until t2 counts as exposure.

When is it called a zero-day on the timeline above?


Let me introduce an additional point, t-1, which is rarely talked about in general forums:
  • t-1 : The vulnerability has not yet been discovered or disclosed by anyone (but could already be in use by bad actors).

A vulnerability at t-1 or t0 (not yet discovered, or discovered but with no patch from the vendor yet) is what is considered a zero-day.

In short, any software could have a t-1 vulnerability that is yet to be discovered by a security researcher or developer, or yet to be published by a hacker.
(On a side note, the NSO guys may be playing on t-1 vulnerabilities for their spyware activities. Let us discuss that in a different topic.)

How to defend against zero-day attacks?


Let us look at simple steps on how to defend:

Step 1: Know your assets (KYA) - Make an inventory of all your software and hardware assets, including the version running on each one.
      • So that you follow only the vendors of the software you actually run, and their latest updates.
Step 2: Control software installations on your critical devices and endpoints.
      • To avoid unknown software being installed without your knowledge; software that is not in your inventory is never tracked and never patched.
Step 3: Follow the security special interest groups and the vendors of your software constantly through subscriptions and alerts.
      • To get the latest alerts on published zero-day vulnerabilities as soon as they appear.
Step 4: Monitor the patch level of your software and keep your assets up to date.
      • So that you know, per asset, which version is running and whether it falls in the affected range of a published advisory.
Step 5: Be proactive and act immediately when a patch is released.
      • The faster you patch, the shorter the window of vulnerability and the better your chance of avoiding the attack.
Step 6: If no patch is available from the vendor yet, look for a workaround for the zero-day and mitigate the vulnerability (for example, disabling the affected component or restricting network access to it).
      • Workarounds help to stop the immediate impact of a critical zero-day until the patch arrives; they are a stopgap, not a replacement for the patch.
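The timeline arithmetic above and Steps 1 to 6 come together in practice as one routine: join the asset inventory against the vendor advisories you subscribe to, decide for each affected host whether it sits in the "patch first" or "exploit first" situation, and compute how long it has been exposed. The script below is an added example written for this post, not a tool from the post or any vendor; the hostnames, vendor names, advisory identifiers, versions, dates and workaround strings are all constructed for illustration and correspond to no real product or advisory.

```python
from datetime import date

# Constructed sample inventory (Step 1, "Know your assets"). Hostnames, vendors,
# products and versions are made up for this example.
INVENTORY = [
    {"host": "web-01", "vendor": "ExampleCorp", "product": "examplehttpd", "version": "2.4.1"},
    {"host": "web-02", "vendor": "ExampleCorp", "product": "examplehttpd", "version": "2.4.3"},
    {"host": "db-01", "vendor": "ExampleCorp", "product": "exampledb", "version": "11.2"},
    {"host": "laptop-07", "vendor": "OtherVendor", "product": "examplepdf", "version": "1.0"},
]

# Constructed vendor advisories (Step 3). The date fields map onto the post's
# timeline: discovered = t0, patch_published = t1a, exploit_active = t1b.
ADVISORIES = [
    {
        "id": "ADV-EXAMPLE-001", "vendor": "ExampleCorp", "product": "examplehttpd",
        "fixed_in": "2.4.3",                   # versions below this are affected
        "discovered": date(2024, 3, 1),
        "exploit_active": date(2024, 3, 3),    # exploit seen before the patch: a true zero-day
        "patch_published": date(2024, 3, 10),
        "workaround": "disable mod_example in httpd.conf",
    },
    {
        "id": "ADV-EXAMPLE-002", "vendor": "ExampleCorp", "product": "exampledb",
        "fixed_in": None,                      # no fixed version exists yet
        "discovered": date(2024, 4, 1),
        "exploit_active": date(2024, 4, 2),
        "patch_published": None,               # vendor has not shipped a patch (Step 6 applies)
        "workaround": "restrict TCP/5432 to the application subnet",
    },
]

# The "today" used by the stand-alone run; also constructed.
EXAMPLE_TODAY = date(2024, 4, 5)


def parse_version(v):
    """'2.4.10' -> (2, 4, 10), so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in v.split("."))


def is_affected(asset, adv):
    """Step 4: does this asset's vendor/product/version fall in the advisory's affected range?"""
    if (asset["vendor"], asset["product"]) != (adv["vendor"], adv["product"]):
        return False
    if adv["fixed_in"] is None:            # no fixed version: every deployed version is affected
        return True
    return parse_version(asset["version"]) < parse_version(adv["fixed_in"])


def classify(adv):
    """Where the advisory sits on the t0 / t1a / t1b timeline, and the matching action."""
    patch, exploit = adv["patch_published"], adv["exploit_active"]
    if patch is None:
        return "zero-day, no patch: apply workaround '%s'" % adv["workaround"]
    if exploit is not None and exploit < patch:
        return "zero-day, exploited %d day(s) before the patch: patch immediately" % (patch - exploit).days
    return "patch available before any known exploit: patch within the t1a..t1b window"


def days_exposed(adv, patched_on):
    """The post's window of vulnerability, t2 - t1b, in days (None if no exploit is active)."""
    if adv["exploit_active"] is None:
        return None
    return (patched_on - adv["exploit_active"]).days


def triage(inventory, advisories, today):
    """Steps 4 to 6: join inventory against advisories and return what to do per host."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if is_affected(asset, adv):
                findings.append({
                    "host": asset["host"],
                    "advisory": adv["id"],
                    "status": classify(adv),
                    # exposure so far, counting from t1b up to today (t2 not reached yet)
                    "exposed_days_so_far": days_exposed(adv, today),
                })
    return findings


if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES, EXAMPLE_TODAY):
        print(finding)
```

Run stand-alone it reports web-01 (version 2.4.1 is below the fixed 2.4.3, exploit active a week before the patch, 33 days of exposure so far) and db-01 (no patch at all, so the workaround is the only action); web-02 already runs the fixed version and laptop-07 has no matching advisory, which is exactly the signal Step 1's inventory exists to give you. In a real deployment the two constructed lists would be replaced by your CMDB export and the advisory feeds you subscribe to in Step 3, and version matching would need the vendor's own versioning rules rather than the plain dotted-number comparison used here.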

Still unsure how to manage vulnerabilities and zero-days? Reach out to your friendly security professional, me 😉


Conclusion:


You cannot fully prevent zero-days, but you can be prepared for them. Be alert, follow the security alerts of your software vendors, and make sure all your software is updated immediately when the vendor releases a patch, with a workaround in place until it does.