Zero-day vulnerabilities: Everything you need to know
The ultimate guide to zero-day vulnerabilities, how they can affect businesses, and how to protect your organization from malicious attacks.
The risks of zero-day vulnerabilities are nearly impossible to avoid, but zero-day attacks can be detected, and their effects can be mitigated. Using this article, you can help your company steer clear of potentially devastating financial and reputational consequences. If you want to make the most of your cybersecurity efforts, invest your time here learning about one of the most significant challenges for IT admins today: Zero-day threats.
Zero-day threats
What is a zero-day vulnerability?
A zero-day vulnerability is an exploitable software vulnerability for which there is no patch. The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching, which is zero days.
What is an example of a zero-day threat?
Between January 18 – 31, CL0P launched an automated attack on businesses running Fortra’s GoAnywhere MFT secure file transfer tool. The gang used a zero-day vulnerability to create unauthorized accounts in victims’ environments, which were used to steal files and install malicious tools.
Not long after, the gang returned with an even bigger campaign based on a zero-day in Progress MOVEit Transfer software. Exploitation began on May 27, and Progress Software alerted its customers to the existence of the vulnerability on May 31. The use of zero-day vulnerabilities left organizations unable to protect themselves with security patches and traditional malware detection techniques. It’s estimated that CL0P extorted between $75M – $100M with its MOVEit Transfer zero-day campaign alone.
How does a zero-day vulnerability affect businesses?
Any software can have zero-day vulnerabilities, so every business is susceptible to these threats. Since zero-day threats are hard to detect and hard to stop, they can give attackers an advantage that carries the potential for greater disruption across all areas of the business, including critical operations, data security, and reputation.
By gaining unauthorized access to proprietary information, attackers can impact businesses in terms of unexpected downtime, loss of productivity, and financial devastation. It can also cause other damages if trade secrets or intellectual property are exposed. Zero-day vulnerabilities also carry the potential for legal ramifications, regulatory fines, and decline in customer trust—not to mention the costs associated with mitigating an attack.
How can you mitigate the risks of zero-day attacks?
- Keep an up-to-date asset inventory of hardware and software so you know what you’re protecting.
- Use defense in depth—no single technology can protect you from every threat, so use layered technologies that protect in different ways.
- Automate the process of patching. Attacks often go through several steps, and criminals may use more than one vulnerability, so even if patching won’t stop a zero-day, it can stop the next step in the attack.
- Use a managed service provider (MSP), or a service like managed detection and response (MDR) that can act on alerts at nighttime, weekends and holidays—exactly when attackers typically strike.
- Segment your network to contain attackers, slowing them down and limiting their movement.
- Block legitimate admin tools and applications that cybercriminals use in their attacks.
- Grow your security awareness and training. This includes educating employees and users about social engineering and phishing techniques to avoid.
How to protect against zero-day threats
Of course, IT admins cannot work around the clock. The proliferation of cyber threats, like zero-day vulnerabilities, means that attackers are working even when you are not—especially when you are not. These challenges have given rise to Managed Detection and Response (MDR) services, which offer businesses 24/7 advanced prevention, detection, and remediation by industry experts. You can think of it like an extension of your in-house team.