Zero-Day Exploits: What They Are and How to Stop Them
Zero-day exploits have been in the news recently after a massive worldwide breach of Microsoft’s email server software that affected at least 60,000 organizations. That hack relied on not one but four different zero-day exploits to install malware on Microsoft Exchange servers.
Many software vulnerabilities are discovered before cybercriminals exploit them, giving software developers sufficient time to resolve the issue. A zero-day exploit is an attack on a software vulnerability that has not been discovered by the developers of the software. When the vulnerability is exposed, the software creators have zero days to create a patch and eliminate the threat. As a result, the industry refers to these exploits as “zero-day”.
In this article, we will cover the basics of zero-day exploits and the steps organizations can take to mitigate the risks posed by software vulnerabilities. With this knowledge, business organizations can better protect their data against breaches, and recover from them faster even if they fall prey.
The Unseen Cyberthreat
It is important to understand that a zero-day exploit takes advantage of a flaw that is unknown to the developers of the software. Threat actors such as government-sponsored hackers and cybercriminals sometimes discover vulnerabilities first, and keep them secret so they can exploit them at the time of their choosing. Consequently, there is an ongoing race between threat actors and the cybersecurity industry to discover existing software vulnerabilities. A zero-day exploit represents a case of the cybercriminals winning that race by exploiting the vulnerability before it has been discovered and fixed by the developers.
Another aspect of zero-day exploits to keep in mind is that even enterprise class software from vendors like Microsoft and Adobe are vulnerable to zero-day exploits, as evidenced by recent the Microsoft Exchange Server zero-day exploits. In fact, they are often the focus of cybercriminal research because their applications are widely installed around the world, which can allow a single exploit to be capable of affecting thousands of users.
How Business Organizations Can Protect Themselves
Although business organizations are under the constant threat of zero-day exploits affecting their operations and customers, a robust cybersecurity plan will actively seek to mitigate the risk of unknown software vulnerabilities. Such measures are like preparing for natural disasters. The security plan needs to be open-minded about possible scenarios, draw up mitigation plans, and remain vigilant in keeping the organization’s software safe from vulnerabilities when they are discovered. Here are some best practices to follow:
1. Keep Critical Software up to Date
The most immediate solution to a zero-day vulnerability is a patch from the software vendor. As software vulnerabilities are discovered, vendors like Microsoft and Google will immediately release security patches to fix them. The first line of defense against these flaws is to apply patches as soon as they are available to all applications that could expose an organization to security threats.
2. Train Employees to Recognize Cyberattacks
It is an unfortunate fact that many cyberattacks are not immediately recognized by the organizations that are breached. The delay in realizing that a breach has occurred can increase the costs of a cyberattack exponentially. Cybercriminals sometimes need weeks or months to gain full access to secured information, and as a result may conduct mini attacks during that time. If employees are trained to recognize the signs that a cyberattack is taking place, they may be able to help prevent a full-scale attack from being launched, or at the very least minimize the losses if one occurs.
3. Perform Frequent Security Reviews of In-House Applications
Large organizations often develop their own applications when off-the-shelf solutions lack the critical features that they need. These in-house applications should be frequently reviewed to find security flaws, and patched whenever they are discovered. This is true whether the application is sold to outside customers or only serves an organization’s internal business needs. If any application can be accessed from the internet or reached from inside a network, it should be included in security reviews.
4. Provide Extra Protection for Sensitive Data
A thorough cybersecurity plan anticipates that a network breach could happen and seeks to protect valuable data if cybercriminals succeed. The possible existence of zero-day exploits makes this especially necessary. The good news is that strong encryption and a good data back-up plan can minimize the actual cost of a breach. Encryption will render stolen data useless to cybercriminals, and a great data back-up plan will preserve information even if a network is infected with ransomware.
5. Create Business Impact Analysis Reports
While it’s impossible to predict which software application has a zero-day vulnerability, it is possible to catalog all the applications that cybercriminals can exploit. Organizations should create business impact analysis reports for each critical business system and the specific applications that are exposed to the internet. These reports should be updated periodically and added to the planning process for new IT systems. A thorough coverage of critical systems with these reports will be needed when creating effective disaster recovery plans.
6. Limit Foreign Access to Company Systems
For small businesses that operate in a specific geography not all systems that employees access outside the office need to be accessible globally via the internet. A feature of most Next Generation Firewalls is Geo-IP filtering (or Geo-blocking) which restricts access to specific services to remote systems located in specific countries. Reducing exposed surface area in this manner may provide extra hours or days to respond to zero-day threats. A company in Canada for example can lock out 98.1% of the world’s IP addresses with minimal impact to its Canadian employees. Simply locking down Microsoft Exchange Servers to just the countries where a companies employees conduct business can provide extra hours to implement a patch when the next zero-day event occurs before it becomes broadly exploited. When users do travel abroad, using VPN on mobile devices acts as an extra layer of security and prevents foreign systems from directly accessing key systems that might otherwise be exploited by the next zero-day threat.
7. Implement a Disaster Recovery Plan
Disaster recovery plans are a necessity for every business organization. They typically cover natural disasters and infrastructure failures like floods and power outages. Considering today’s cybersecurity threat environment, a catastrophic loss of one or more business systems should be included. Zero-day exploits can cause system failures when they allow attackers to install destructive malware or take control of critical IT assets. Possible scenarios should be researched, and mitigation plans should be created for personnel to follow in case these events take place.
Leave no Stone Unturned
Small businesses and larger organizations alike can benefit from consulting with outside experts in cybersecurity. Whether it is a comprehensive security plan review or even an analysis of a new IT system that is in development, experienced experts in the field can provide an invaluable outside perspective. This is especially true since every business organization needs to do all they can to mitigate the risks of unexpected events like a zero-day exploits.
Outsource IT is a great choice for organizations seeking help from experienced cybersecurity experts. We provide a variety of cybersecurity add-on services ranging from security planning to penetration testing. Contact an Outsource IT account manager to learn more about our business IT security services.