They’re inside your system but no one knows how they got there – or how to stop them. These destructive attacks are called zero-day threats, because your security team will have zero days to prepare.
Zero-day attacks involve cybercriminals using vulnerabilities no one knows about. They’re hard to detect and can go on for years.
Zero-day: Birth of a New Threat is Tomorrow Unlocked‘s latest film in the hacker:HUNTER Behind the Screens series. Michael Gregg, CEO of Managed Service Provider Catalyst Network Solutions, discusses these attacks and his clever way to trick cybercriminals into giving up their secrets. He also shares ways to spot these sometimes-subtle attacks.
Understanding zero-day attacks
While you may not have heard of zero-day attacks, some of the most well-known cyberattacks fall into this category, such as WannaCry and BlueKeep. But what does it mean?
Software developers are always looking out for vulnerabilities hackers could use to gain access to systems through their software. When you receive software updates, these often include ‘patches’ for recently discovered security holes.
Cybercriminals sometimes spot vulnerabilities before developers – these are known as zero-day vulnerabilities. When they find these holes, hackers write code to use and sell to other hackers so they can steal data.
“It’s called zero-day because that’s exactly how long you’ve had to prepare for it,” says Gregg.
Zero-day attacks might include reaching a vulnerable system using phishing – manipulative emails to users aiming to convince them to open a file or visit a malicious site. That action downloads the attacker’s malware, which infiltrates user files.
It can take time for developers to find the vulnerability that allowed the attack. In recent years, hackers have become faster at exploiting vulnerabilities soon after discovery.
Zero-day attacks are especially dangerous because only attackers know about them. Once they have access through a zero-day vulnerability, criminals can attack immediately or wait for the best time.
What is a Managed Service Provider (MSP?)
Gregg’s company, Catalyst Network Solutions, is a Kaspersky partner Managed Service Provider (MSP.) MSPs offer cybersecurity-as-a-service.
Rather than or as well as an inhouse cybersecurity team, businesses hire MSPs to take care of their cybersecurity. Using MSPs makes it easier for businesses to have a range of cybersecurity expertise on-hand in a market where hiring cyber experts can be challenging.
MSPs typically provide services to multiple companies and organizations, giving them broad-based knowledge of cyberthreats and cyber solutions. With the wide range of business tech that needs securing today – from light switches to security cameras to fridges – the value of wide-ranging experience is rising by the day.
Tricking cybercriminals with their own tricks
To help prevent zero-day attacks, Gregg built an online test environment (sandbox) containing fake data that would be attractive to cybercriminals – such as numbers that looked like social security and credit card details.
The data tricks cybercriminals into using, and so revealing, their zero-day methods. This has allowed Gregg’s team to prevent and stop attacks faster.
Preventing zero-day attacks
As soon as a zero-day threat is understood, software developers will release updates to patch it, so your business should ensure it always installs updates promptly.
If you can’t stop a zero-day attack happening, there are ways to ensure it’s caught early. Gregg advises “There’s never a call that’s not worth making,” when it comes to cybersecurity.
Signs of zero-day attacks can be subtle. “If your mouse is moving in a weird way, you’re getting out-of-place keystrokes or your computer’s running slowly,” let the cyber professionals know – whether you have an internal team or a Managed Service Provider.