Home

About Us

IT Services

Understanding IT

News

Blog

Contact Us

Client Support Center

Dresner Group Blog

A Zero-Day Vulnerability Doesn’t Mean Zero Options

zero day vulnerability

A zero-day attack is particularly dangerous because it occurs before the software or hardware vendor is aware of it. This exploit is a vulnerability hidden in the code, unknown to the vendor, but somehow found by hackers. This means that there is no patch available to prevent the attack from occurring until the attack is already in progress. In other words, you have “zero days” from the time the vulnerability is discovered to protect against the attack: once the exploit is triggered, it’s already too late.

A zero-day attack can find its way onto your computer in a variety of ways, but no matter in what form it presents itself, the goal of the exploit is to inject malicious code into your system. This intrusion can compromise your computer, allowing the hacker to co-opt it for their own nefarious needs. Some examples of how a zero-day exploit can reach your systems are:

Web Browser: If there is an exploit in your web browser or a web extension, an infected website can use your web browser as a way to gain access to your computer. You don’t even have to click on a link, just visiting an infected website can be enough to spread the malware. One common extension used to gain access to computers was Adobe’s Flash Player. Since its release, there have been over 1,000 exploits found in Flash. Is it any wonder some web browsers either don’t support it or highly recommend the user doesn’t install it?

Poorly Written Software: With the extensive and continuously growing amount of software, it is little wonder some of it doesn’t follow best practices. While it may not be deliberate, the resulting lack of standards and quality control allows hackers to find an exploit and compromise a computer which may have the software installed on it. While this is mainly a risk associated with shareware or freeware, there is plenty of paid software which just isn’t written carefully enough.

Email: This is one of the primary methods your computer is compromised. Not only from a Zero Day attack but a myriad of other ones as well. The best way to prevent this from occurring is to follow best practices regarding opening attachments. Remember, if you open an attachment containing a zero-day exploit, there is nothing to stop the attack from happening until the vendor releases a patch, a patch which--depending on the age of the software or hardware--may never come.

Closing the Window
A vulnerability window is the time between the exploit being released and the patch being administered to close it. Depending on how fast the patch is delivered can have a significant effect on how ingrained the malware becomes in “the wild” and on user’s systems. While the vulnerability can’t be stopped, in many cases their damage can be mitigated by using best practices for cybersecurity.

  • Ensure your firewall is up-to-date and protecting your network and reducing opportunities for cross-contamination.
  • Keep your antivirus software up-to-date
  • Check your browser settings to control how much access your extensions have
  • Wait before installing newly released software to give the early adopters the opportunity to find any bugs.
The best defense against any type of cyberattack is preparation. Dresner Group offers a wide range of IT Security Solutions, for more information about protecting your business and its data, give us a call at 410-531-6727.
Fingers Crossed! The Robocalls May Soon Stop
You May Be Surprised What You Are Missing Without ...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, December 16, 2018

Captcha Image

Contact Us

Learn more about what Dresner Group
can do for your business.

410-531-6727

Dresner Group
5950 Symphony Woods Road Suite 302
Columbia, Maryland 21044

Client Service Login