Zero-Day Exploitation & Prevention

Zero-Day Exploitation & Prevention

Much has been written about viral threats and other forms of malware. At this point, some forms of malware have become quite famous (though not for anything good!). However, we are going to talk about the unknown threats today. Guarding against known threats is usually not too hard, provided that you have properly hardened your security. However, those unknown threats are the really scary ones. it’s relatively easy to dodge the knife that you can see, but it’s not so easy to dodge a knife in the dark. When professionals talk about new and unknown threats, they often use a term that you may have heard before: Zero-day exploitation.

What Is A Zero-Day Exploit?

First of all, you need to understand the subtle difference between a literal “hack” and an “exploit.” To help all of you understand better, let’s reference the matter with something that is familiar to most people…like online multiplayer video games.

Virtually all online multiplayer games have a problem with cheaters (as some of you probably know). In most cases, these cheaters take one of two forms: Those who have literally hacked the game (adding cheat menus and such) and those who are merely exploiting various glitches. One would think that the hacker variety would be more common, as they are much harder to defeat. However, glitching tends to be more common because it is harder for the cheater to be caught. This difference perfectly describes the difference between a hacker and an exploiter. Of course, some individuals might use a mixture of both methods.

When an exploit (or a potential one) is discovered, it is referred to as a zero-day exploit. This simply means that it is a new threat, having never been documented in the past. In cases like this, you are probably dealing with an attacker who is smart enough to find vulnerabilities in the code without help from anyone else. Zero-day exploits are the hacker’s equivalent of a “secret weapon.”

Examples Of Zero-Day Attacks

ATTACK ON MICROSOFT WINDOWS, JUNE 2019

The attack on Microsoft Windows that has targeted Eastern Europe was identified by a group of researchers from ESET in June 2019. The attack was regarding the local escalation privileges that were a vulnerable part of Microsoft Windows.

Since releasing a patch is the only option in such scenarios, once the threat was identified, the security center from Microsoft took the responsibility of rectifying it.

It can also be assumed similar to a phishing attack where the hackers attack people that are vulnerable to fall for scam emails as well as messages. Microsoft inadvertently left one point in favor of the attackers, and the attackers took advantage of the same.

The attack started via malware, which is also a type of phishing attack.

CVE-2019-0797

Another Zero-Day attack example is the one that infiltrated Microsoft Windows in Feb 2019 by (AEP) Automatic Exploit Prevention. It happened before the June 2019 exploit mentioned above. It was the fourth time that the vulnerability of win32k.sys was exploited, after which it was again attempted in June of the same year.

With the help of advanced technologies such as AEP for end-point products as well as BDE (Behavioral detection engine), the discovery of the attack was possible.

To identify if this was also a phishing attempt, technology such as an anti-malware engine was also used.

A patch was released immediately following the same; however, even after fixing it, the attack was attempted again.

CVE-2019-2215

This attack affected the android devices from Google due to the vulnerability known as Kernel privilege escalation. The TAG team from Google was the first to identify the same. It occurred via malicious apps that the hackers were using, who then sent out emails about downloading the same in the form of phishing.

Google will be releasing a patch this November to resolve the issue.

THE DNC HACK

It was one of the most popular Zero-Day attacks. The data released about DNC or the Democratic National Committee was due to the recent Zero-Day attacks-2019There have been about six zero-day exploited vulnerabilities, which are included in the zero-day vulnerability list – 2019, for gaining access to the stolen data. The state backed these discovered vulnerabilities by Russian hackers in Adobe Flash, Microsoft Windows, and Java. To operate on the vulnerabilities, the hackers got involved in a campaign of spear-phishing.

Unlike the phishing campaign, this spear-phishing campaign targeted specific individuals rather than the general public. The Russian hackers had sent out several emails containing booby-trapped links to phishing pages that stole passwords to people related to the DNC. People who clocked on tiny.cc and bit.ly concealed URLs surrendered the control of their personal computer and also the DNC network to the hackers.

How To Protect Against Zero-Day Attacks

This is where most articles on the subject of zero-day attacks will often drop the ball. It’s easy to understand what a zero-day attack is, but not so easy to guard against one. Because we are dealing with the unknown, we cannot guard specifically against this threat. However, that doesn’t mean that we are powerless against these attacks.

The Layered Approach

Zero-day attacks can be defeated by creating a system that is far more secure than the attacker expects. This will often cause them to break off their attack, seeking an easier target. They might even have the skill to break through your perimeter, but that doesn’t mean they want to do so. Criminals, by nature, tend to look for easy targets. Thus, one important thing to remember: Don’t be an easy target!

You must secure your network from end to end. Some online services offer “end-to-end encryption” and this is good. However, you should never put all your trust in a single security barrier. Any single security barrier can potentially be broken or circumvented. That’s why you need multiple barriers. Everything from encryption to firewalls to router-level exclusions and virtual environments.

The Layered Approach Is Both Ancient And Effective

The idea is to create something like an ancient “ring-fort.” these were circular mounds topped by walls, each ring inside of the other. Until the invention of heavy siege equipment, these fortifications were highly effective due to their multi-layered nature. Whenever an attacker breaks through one ring, they are immediately met with another set of defenses. This will cause a less serious attacker to give up and leave you alone.

Network Monitoring Is Your Best Counter-Weapon

Don’t forget the importance of network monitoring, either. Even an unknown threat will likely produce patterns of suspicious activity. For instance, if you see an unknown server trying to connect with your network, you might look up its identifying information. If it doesn’t match with anything legitimate or known, it should probably be blocked.

This is easily one of the best tools against zero-day exploits. There are some anti-malware programs that include smart network monitoring, and this is a great option. Still, network monitoring will always require at least one skilled human being to interpret the collected data. That’s where IT computer services become extremely helpful.

Things That Won’t Protect You Against Zero-Day Attacks

First off, don’t even try to detect a zero-day threat with your antivirus software. Malware scanners of any type will be ineffective here. Remember those software signatures that we mentioned earlier? Well, every piece of software has them and they are used by all of these scanners to identify known threats. Again, we aren’t dealing with known threats so this becomes useless.

Unfortunately, firewalls also make use of lists. Instead of using software signatures, they use a list of known malicious URL addresses. Unless they use a known malware site as their point of entry, a firewall probably won’t detect the exploit.

Conclusion

Zero-day attacks are probably the most dangerous kind that exists. By definition, this kind of hack is unknown to everyone except the attacker (and maybe their accomplices). That’s why no specific measures exist to guard against these attacks. This is exactly why governments like to keep their best weapons hidden until they are needed. Hackers, unfortunately, have caught on to the same principle.

That being said, it is possible to make yourself very resistant to these unknown threats by hardening every part of the network. Leave no door unlocked and no window unbarred. Penetration testing can be used to see if you have adequately protected yourself. For help in such matters, you might want to call PCH Technologies at (856) 754-7500.