Recent Zero-Day Attacks: Top Examples and How To Prevent It.
‘Zero-Day’ or ‘Day Zero’ is an attack that exploits serious software security vulnerability that the developer of the vendor might not be aware of. As soon as one discovers it, the software developer needs to rush to resolve the vulnerability to limit its threat to software users. A software patch is a solution to this. The likes of recent zero-day attacks could be used for attacking the internet of things, too.
Recent Zero-Day attacks
Attack On Microsoft Windows, June 2019
The attack on Microsoft Windows that has targeted Eastern Europe was identified by a group of researchers from ESET in June 2019. The attack was regarding the local escalation privileges that were a vulnerable part of Microsoft Windows.
Since releasing a patch is the only option in such scenarios, once the threat was identified, the security center from Microsoft took the responsibility of rectifying it.
It can also be assumed similar to a phishing attack where the hackers attack people that are vulnerable to fall for scam emails as well as messages. Microsoft inadvertently left one point in favor of the attackers, and the attackers took advantage of the same.
The attack started via malware, which is also a type of phishing attack.
Another Zero-Day attack example is the one that infiltrated Microsoft Windows in Feb 2019 by (AEP) Automatic Exploit Prevention. It happened before the June 2019 exploit mentioned above. It was the fourth time that the vulnerability of win32k.sys was exploited, after which it was again attempted in June of the same year.
With the help of advanced technologies such as AEP for end-point products as well as BDE (Behavioral detection engine), the discovery of the attack was possible.
To identify if this was also a phishing attempt, technology such as an anti-malware engine was also used.
A patch was released immediately following the same; however, even after fixing it, the attack was attempted again.
This attack affected the android devices from Google due to the vulnerability known as Kernel privilege escalation. The TAG team from Google was the first to identify the same. It occurred via malicious apps that the hackers were using, who then sent out emails about downloading the same in the form of phishing.
Google will be releasing a patch this November to resolve the issue.
The DNC Hack
It was one of the most popular Zero-Day attacks. The data released about DNC or the Democratic National Committee was due to the recent Zero-Day attacks-2019. There have been about six zero-day exploited vulnerabilities, which are included in the zero-day vulnerability list – 2019, for gaining access to the stolen data. The state backed these discovered vulnerabilities by Russian hackers in Adobe Flash, Microsoft Windows, and Java. To operate on the vulnerabilities, the hackers got involved in a campaign of spear-phishing.
Unlike the phishing campaign, this spear-phishing campaign targeted specific individuals rather than the general public. The Russian hackers had sent out several emails containing booby-trapped links to phishing pages that stole passwords to people related to the DNC. People who clocked on tiny.cc and bit.ly concealed URLs surrendered the control of their personal computer and also the DNC network to the hackers.
Operation Aurora had been a series of cyber-attacks that aimed at several organizations such as Juniper Networks, Adobe Systems, and Rackspace. As per the media reports, there were other organizations among the targets like,
- Dow Chemical
- Morgan Stanley
- Northrop Grumman
Elderwood Group conducted the advanced level persistent threat that is based in Beijing and had an association with the People’s Liberation Army. The attacks had started in 2009 and had been disclosed for the first time by Google through a blog post on January 12, 2010. The discovery was related to the main goal of the attack. The principal aim was to gain access to and modify the source code repository at these defense, security, and high-tech contractor enterprises.
Zero-Day Attack Prevention
- Update every software and application as soon as the security patches are released.
- Implement Web Application Software for protecting the website. It enables you to identify the attacks accurately.
- Install an Internet Security suite. It usually comes with sandboxing techniques, smart anti-virus, heuristic file analysis, and default-deny protection.
Just as ransomware attacks, the Day-Zero attack is not going anywhere. The question of ‘how are the zero-day attacks discovered’ has also been answered by the experts by identifying the above threats. Cybercriminals are always looking for CVEs for exploiting the hardware or software programs. As per the CVE details website, there are about 185 CVEs that register over 9 according to its scale. A score above 9 shows that the hacker can expose the vulnerability in the hardware or software program and get complete control. So, make sure you are attentive with cybersecurity and do not let your inquisitiveness get the better of you.
Enterprise-class email protection without the enterprise price
For one low monthly price and no per-user fees, Phish Protection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24×7. On any device. With features you’d expect in more expensive solutions:
All Plans Come With
- Stops business email compromise (BEC)
- Stops brand forgery emails
- Stop threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real time alerts to users and administrators
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from web-based console
Join 7500+ Organizations that use Phish Protection
Phish Protection works with System Administrators, IT Professionals and IT Executives in thousands of companies worldwide. Sign up and protect your organization from phishing attacks in less than 5 minutes