Zero-day vulnerabilities vs. Organisations, so what is a zero-day vulnerability?
It was recently reported that a zero-day vulnerability was discovered in Microsoft Teams in June, with researchers claiming an attacker could access the victim’s chat history, read and send emails on the victim’s behalf and access files in their OneDrive storage.
Although the vulnerability was quickly patched by Microsoft, it is vulnerabilities like this that highlight the potential threat posed by the platforms, people and applications we trust and why external communications are not the only threat to consider.
But this again raises the important question: what is a zero-day vulnerability? In simple terms, it is a software security flaw for which no patch has yet been developed and released, leaving it open to exploitation by cybercriminals.
At the simplest level, a vulnerability is a coding or design error in a software program or operating system which, if not ‘patched’, leaves holes in the security through which cyber criminals can attack.
Why are vulnerabilities a security risk?
Once hackers become aware of a vulnerability, they will write code targeting that specific security weakness, packaged into malware called a zero-day exploit. The exploit takes advantage of the vulnerability and can lead to the computer system being compromised.
Exploit malware can not only steal data or allow hackers to seize control of a computer, but can also open the way for other malware to delete, encrypt or corrupt files. It can even install spyware to steal sensitive information, often without the user being aware of the infection.
The term ‘zero-day’ refers to a newly discovered software vulnerability: the day of discovery is day zero, and the developer has had no time (zero days) to create a patch for the flaw before hackers are able to exploit the newly identified security weakness.
It is imperative the developer quickly delivers the necessary patch as soon as the vulnerability becomes publicly known, to protect its users and limit its reputational damage. If no patch is released before a successful cyber-attack, then the users have suffered a zero-day attack.
Protecting against zero-day vulnerabilities
The problem for any organisation is not only keeping up to date with all the newly discovered vulnerabilities in all the software, apps and programs being routinely used, but knowing which, if any, of the vulnerabilities expose their systems to potential hacks.
However, how does vulnerability scanning help protect against zero-day vulnerabilities, when it cannot yet know about undocumented flaws?
This gap requires organisations to deploy solutions like our Managed Endpoint Detection & Response, which monitors for malicious activity on machines and networks rather than looking only for documented vulnerabilities: why, for example, is 30GB of data being moved overseas outside office hours?
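As an added illustration of the behaviour-based monitoring described above (example code written for this post, not illume's product or any vendor's detection logic): a small detector over constructed outbound-flow records that flags hosts sending more than an assumed threshold to overseas destinations outside an assumed 08:00 to 18:00 working day; the home country, threshold and sample data are all assumptions.

```python
# Added example: behavioural detection of out-of-hours overseas data egress.
# Not illume's product code; all sample values below are constructed.
from collections import defaultdict
from datetime import datetime

# Constructed flow log: (host, UTC timestamp, destination country, bytes sent).
# 2023-06-12 is a Monday. Values are invented for illustration only.
SAMPLE_FLOWS = [
    ("ws-017", "2023-06-12T02:14:00", "RU", 12 * 1024**3),  # night, overseas
    ("ws-017", "2023-06-12T03:40:00", "RU", 18 * 1024**3),  # night, overseas
    ("ws-042", "2023-06-12T11:05:00", "US", 40 * 1024**3),  # daytime: looks like a backup
    ("ws-099", "2023-06-12T23:30:00", "GB", 25 * 1024**3),  # out of hours but domestic
    ("ws-123", "2023-06-12T22:10:00", "DE", 200 * 1024**2), # overseas but tiny
]

OFFICE_START, OFFICE_END = 8, 18     # assumed working day (hours, 24h clock)
HOME_COUNTRY = "GB"                  # assumed location of the organisation
THRESHOLD_BYTES = 10 * 1024**3       # assumed per-host out-of-hours egress limit


def outside_office_hours(ts: str) -> bool:
    """True for weekends or any time outside OFFICE_START..OFFICE_END."""
    t = datetime.fromisoformat(ts)
    return t.weekday() >= 5 or not (OFFICE_START <= t.hour < OFFICE_END)


def flag_out_of_hours_egress(flows, threshold=THRESHOLD_BYTES, home=HOME_COUNTRY):
    """Sum bytes per host for overseas, out-of-hours transfers and return
    {host: total_bytes} for every host at or above the threshold."""
    totals = defaultdict(int)
    for host, ts, country, nbytes in flows:
        if country != home and outside_office_hours(ts):
            totals[host] += nbytes
    return {host: total for host, total in totals.items() if total >= threshold}


if __name__ == "__main__":
    for host, total in flag_out_of_hours_egress(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: {total / 1024**3:.0f} GB sent overseas outside office hours")
```

Only ws-017 is flagged (30 GB across two night-time transfers); the large daytime transfer, the domestic one and the tiny overseas one are left alone, which is the kind of contextual judgement a signature or vulnerability database cannot make.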
This is why checking your systems regularly is increasingly important, given the growing threat following news of technically minded criminals selling ransomware to ordinary criminals, widening the attack vector beyond the typical hacker profile.
This regular check is known as vulnerability scanning. It assesses possible security vulnerabilities that could be exploited by cyber criminals in computers, internal and external networks, and connected communications equipment.
Although deployed by an experienced team, the process itself is fully automated and will scan infrastructure targets against continually updated reference databases of known flaws, bugs, configuration errors and potential access routes for hackers into corporate networks.
This blog has looked at what vulnerabilities are and how scanning your systems for them makes perfect sense, given the scale of the current cyber threat. In part two, we will look at the benefits of regular vulnerability scanning, but in the meantime, please get in touch if you want to discuss how illume can help keep your organisation safe.