Contact Us

What is a zero-day attack? How to prepare and respond

Author: Shane Schick

Security experts and cybercriminals are in a constant race: The former scramble to fix vulnerabilities in software; the latter work diligently to exploit those vulnerabilities. A zero-day attack is a prime opportunity for cybercriminals to get the upper hand.

What is a zero-day attack?

Essentially, zero-day vulnerabilities are attack vectors that have just recently become public knowledge and have yet to be patched, meaning they are often successful in sneaking past anti-virus systems that look for known attack signatures. The threat is time-sensitive—developers have zero days to fix the problem. Think of zero-day vulnerabilities like ticking time bombs—they need to be defused before a cybersecurity incident occurs.

A zero-day attack—when a hacker exploits a zero-day vulnerability before it can be patched—can be deployed through multiple methods: phishing campaigns, where hackers try to dupe unsuspecting users into clicking on a malicious link in an email or text message; injecting a network with malware; or infecting it with botnets.

Objectives vary, too. Attackers might seek to steal corporate or personal information, or they might try to gain control of a computer system or an entire network.

How the enterprise could be affected

A zero-day attack is hard to detect; it can go undiscovered for months or even years. Intrusion detection systems and web application firewalls can only help determine the severity of the threat once it's identified.

Responding to a zero-day malware attack can also be difficult, especially if the software vendor is still developing a fix for the vulnerability in their product. When a fix isn't available, hackers have time to infect more machines, increase their presence on the network, escalate their privileges and steal more data.

Organizations are in the best position to avoid or mitigate risk when they work with partners that offer threat intelligence services and can get to work the moment a threat becomes publicly disclosed. Endpoint detection and response tools can—especially those engineering to not rely on known attack signatures—protect devices and systems at the point of attack and work to defend against and identify zero-day threats.

Deploying patches and solutions

Keeping every operating system and application patched and updated is essential, given that vulnerabilities usually emerge in outdated versions of an application.

If it's attacked, an organization can respond quickly if it has a strong disaster recovery strategy in place. A combination of cloud-based and on-site storage, for example, ensures that critical data can be backed up in a secure location. An effective response could also include shutting off access to websites, applications and other vulnerable systems.

Vendors might be able to offer temporary workarounds, such as limiting certain application features or turning them off entirely, while a patch is developed. And, of course, once the patch is ready, it should be applied immediately.

Learn how Verizon security solutions can help your business fight back against bad actors.