Definition of Zero Day Exploit

If I ask you what is the best way to attack (in a war, for example), surely everyone will answer “by surprise”. When the enemy is not expecting it, that is when it is easiest to do damage.

Well, in computing, this surprise effect can be achieved by exploding a zero day exploit.

Zero day exploit literally means “zero-day exploitation [of seizing, not blasting]”, although in our context what it means is to exploit (exploit) a vulnerability that has not been reported to the public

And, if it has not been reported, it is unknown, and what is not known cannot be prevented, right? This is where the wow factor comes in.

A cybercriminal finds a hole in safety in a operating system or app, and is the first to do so. No one else knows, not even the creator of the software, so there are no protections, no countermeasures, and no patches yet.

If you play your cards well, the cybercriminal knows that it will hardly be possible to be discovered, although there is still a possibility ...

An attack that exploits a vulnerability that has not yet been reported can be identified and discovered (the attack and, incidentally, the same hole that allows it) by modern antivirus through the use of artificial intelligence technologies that analyze the behavior of running programs to detect behaviors anomalous

These anomalous behaviors are extrapolated as commonly carried out by the various typologies of malware such as self-replication.

Ideally, for the cybercriminal who finds the bug, not even the creator of the program is aware of it, although this is not always the case.

Usually, when a hacker detects a security hole in a program as a result of a code wrong source leading to abnormal behavior, report it to creators, who review the code, create a patch that fixes the bug, test it, and finally release it and release it to their users.

No matter how quickly, this process takes time, which leaves the computer subject to error defenseless to attack.

Once the problem is known to the computer security community, it is only a matter of time before you have a solution in the form of a patch. Meanwhile, if it is in a program, it is better not to run it, and if it is in the operating system ...

If we start from the basis that we do not know that we are in danger, obviously, we have to have preventive measures to avoid suffering this type of attack.

As I have said before, most of the current security programs incorporate modules that allow to identify suspicious behavior, so it is essential to have a comprehensive security solution, and not just a antivirus current.

We must also be aware of the patches to install on our software (operating system and programs), but since we are talking about zero day exploitsThese are not of much use, so we will have to apply another measure.

And this will be to close all ports and services that we do not use. For example, many servers activate the FTP service by default when the system is installed. Deactivate it and close the port will be ours obligation.

In the case of multi-computer installations, we should consider perimeter security, placing a firewall between our network and the “outside world”.

Photos: Fotolia - Bratovanov

Topics in Zero Day Exploit