Typical targets for a zero-day exploit include:<\/p>\n
- \n
- Government departments.<\/li>\n
- Large enterprises.<\/li>\n
- Individuals with access to valuable business data, such as intellectual property.<\/li>\n
- Large numbers of home users who use a vulnerable system, such as a browser or operating system. Hackers can use vulnerabilities to compromise computers and build massive\u00a0botnets.<\/a><\/li>\n
- Hardware devices, firmware and\u00a0Internet of Things (IoT)<\/a>.<\/li>\n
- In some cases governments use zero-day exploits to attack individuals, organizations or countries who threaten their natural security.<\/li>\n<\/ol>\n
Because zero-day vulnerabilities are valuable for different parties, a market exists in which organizations pay researchers who discover vulnerabilities. In addition to this \u2018white market\u2019, there are gray and black markets in which zero-day vulnerabilities are traded, without public disclosure, for up to hundreds of thousands of dollars.<\/p>\n
Examples of zero-day attacks<\/h2>\n
Some high-profile examples of zero-day attacks include:<\/p>\n
- \n
- \n
- \n
- Stuxnet:<\/strong><\/span>\u00a0This malicious computer worm targeted computers used for manufacturing purposes in several countries, including Iran, India, and Indonesia. The primary target was Iran\u2019s uranium enrichment plants, with the intention of disrupting the country\u2019s nuclear program.The zero-day vulnerabilities existed in software running on industrial computers known as\u00a0programmable logic controllers (PLCs)<\/a>, which ran on Microsoft Windows. The worm infected the PLCs through vulnerabilities in\u00a0Siemens Step7 software<\/a>, causing the PLCs to carry out unexpected commands on assembly line machinery, sabotaging the centrifuges used to separate nuclear material.<\/li>\n
- Sony zero-day attack:<\/strong><\/span>\u00a0Sony Pictures was the victim of a zero-day exploit in late 2014. The attack crippled Sony\u2019s network and led to the release of sensitive corporate data on file-sharing sites. The compromised data included details of forthcoming movies, business plans, and the personal email addresses of senior Sony executives. The details of the exact vulnerability exploited in the Sony attack remains unknown.<\/li>\n
- RSA:<\/strong><\/span>\u00a0In 2011, hackers used a then-unpatched vulnerability in Adobe Flash Player to gain access to the network of security company RSA. The attackers sent emails with Excel spreadsheet attachments to small groups of RSA employees. The spreadsheets contained an embedded Flash file that exploited the zero-day Flash vulnerability. When one of the employees opened the spreadsheet, the attacked installed the Poison Ivy remote administration tool to take control of the computer.Once they gained access to the network, attackers searched for sensitive information, copied it and transmitted it to external servers they controlled. RSA admitted that among the data stolen was sensitive information related to the company\u2019s SecurID two-factor authentication products, used around the world for access to sensitive data and devices.<\/li>\n
- Operation Aurora:<\/strong><\/span>\u00a0This 2009 zero-day exploit targeted the intellectual property of several major enterprises, including Google, Adobe Systems, Yahoo, and Dow Chemical. The vulnerabilities existed in both Internet Explorer and Perforce; the latter was used by Google to manage its source code.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n
Zero-day vulnerability detection<\/h2>\n
By definition, no patches or antivirus signatures exist yet for zero-day exploits, making them difficult to detect. However, there are several ways to detect previously unknown software vulnerabilities.<\/p>\n
Vulnerability scanning<\/span><\/h3>\n
Vulnerability scanning<\/a>\u00a0can detect some zero-day exploits. Security vendors who offer vulnerability scanning solutions can simulate attacks on software code, conduct code reviews, and attempt to find new vulnerabilities that may have been introduced after a software update.<\/p>\n
This approach cannot detect all zero-day exploits. But even for those it detects, scanning is not enough\u2014organizations must act on the results of a scan, perform code review and sanitize their code to prevent the exploit. In reality most organizations are slow to respond to newly discovered vulnerabilities, while attackers can be very quick to exploit a zero-day exploit.<\/p>\n
Patch management<\/span><\/h3>\n
Another strategy is to deploy software patches as soon as possible for newly discovered software vulnerabilities. While this cannot prevent zero-day attacks, quickly applying patches and software upgrades can significantly reduce the risk of an attack.<\/p>\n
However, there are three factors that can delay the deployment of security patches. Software vendors take time to discover vulnerabilities, develop a patch and distribute it to users. It can also take time for the patch to be applied on organizational systems. The longer this process takes, the higher the risk of a zero-day attack.<\/p>\n
Input validation and sanitization<\/span><\/h3>\n
Input validation solves many of the issues inherent in vulnerability scanning and patch management. It doesn\u2019t leave organizations unprotected while they are patching systems or sanitizing code\u2014processes that can take time. It is operated by security experts and is much more flexible, able to adapt and respond to new threats in real time.<\/p>\n
One of the most effective ways to prevent zero-day attacks is deploying a web application firewall (WAF) on the network edge. A WAF reviews all incoming traffic and filters out malicious inputs that might target security vulnerabilities.<\/p>\n
Additionally, the most recent advancement in the fight against zero-day attacks is runtime application self-protection (RASP). RASP agents sit inside applications, examining request payloads with the context of the application code at runtime, to determine whether a request is normal or malicious- enabling applications to defend themselves.<\/p>\n
Zero-day initiative<\/span><\/h3>\n
A program established to reward security researchers for responsibly disclosing vulnerabilities, instead of selling the information on the black market. Its objective is to create a broad community of vulnerability researchers who can discover security vulnerabilities before hackers do, and alert software vendors.<\/p>\n
See how Imperva Web Application Firewall can help you with zero-day exploits.<\/p>\n
\n Request demo<\/a>\n Learn more<\/a>\n <\/div><\/div><\/div>Imperva zero-day threat mitigation<\/h2>\n
Vulnerability scanning and patch management are partial solutions to zero-day attacks. And they create a large window of vulnerability, due to the time it takes to develop and apply patches and code fixes.<\/p>\n
- Sony zero-day attack:<\/strong><\/span>\u00a0Sony Pictures was the victim of a zero-day exploit in late 2014. The attack crippled Sony\u2019s network and led to the release of sensitive corporate data on file-sharing sites. The compromised data included details of forthcoming movies, business plans, and the personal email addresses of senior Sony executives. The details of the exact vulnerability exploited in the Sony attack remains unknown.<\/li>\n
- Stuxnet:<\/strong><\/span>\u00a0This malicious computer worm targeted computers used for manufacturing purposes in several countries, including Iran, India, and Indonesia. The primary target was Iran\u2019s uranium enrichment plants, with the intention of disrupting the country\u2019s nuclear program.The zero-day vulnerabilities existed in software running on industrial computers known as\u00a0programmable logic controllers (PLCs)<\/a>, which ran on Microsoft Windows. The worm infected the PLCs through vulnerabilities in\u00a0Siemens Step7 software<\/a>, causing the PLCs to carry out unexpected commands on assembly line machinery, sabotaging the centrifuges used to separate nuclear material.<\/li>\n
- Hardware devices, firmware and\u00a0Internet of Things (IoT)<\/a>.<\/li>\n
![\"Imperva](\"https:\/\/www.imperva.com\/learn\/wp-content\/uploads\/sites\/13\/2019\/01\/zero-day.jpg\")