Zero Day - Transcript

The document discusses zero-day vulnerabilities, which are security flaws discovered by attackers before the vendor can issue a patch. It outlines the seven stages of a zero-day attack and emphasizes the importance of proactive measures such as reducing attack surfaces, timely patching, and employing detection solutions to mitigate risks. The critical period for potential exploitation occurs between the discovery of the vulnerability and its public disclosure.

Uploaded by

SrikanthAsSri
In this course, you’ve learned about the importance of using up-to-date, supported software; maintaining a secure configuration; scanning frequently; and patching vulnerabilities on time.

But what happens when attackers discover a vulnerability before the software vendor does, so there’s no available patch? This is called a ‘zero-day vulnerability’ – because the vendor has had zero days to provide a fix.

[Show slide that shows the 7 stages]

In most cases, once a zero-day vulnerability is discovered, everyone is busy:

• Cyber criminals are trying to find a way to exploit the zero day and attack as many organizations as they can before the software vendor releases a patch for the vulnerability.
• Researchers and organizations try to find a way to detect an attacker’s exploit, so that they can quickly detect and respond to an attack and minimize its impact.
• Researchers and organizations also evaluate potential mitigating controls for the exploit. For example, if the vulnerability only applies to certain configuration types, organizations can ensure that none of their systems match that configuration.
• For critical zero-day vulnerabilities, IBM often takes the proactive step of isolating vulnerable systems from the network until mitigating controls or a fix can be applied.

We can protect ourselves against a zero-day exploit in several ways, including:

• Proactively reducing the attack surface of all of our systems.
• Applying available patches on time, so that attackers can’t chain a zero-day vulnerability together with other vulnerabilities left unpatched in the system.
• Deploying Endpoint Detection and Response (EDR) solutions and adopting Web Application Firewalls that enable IBM’s cybersecurity team to detect and protect against attacks.
• Enforcing the principle of least privilege by granting only the most basic permissions to users, applications, and devices, since zero-day exploits often leverage root or admin privileges.
• Following a regular patching routine, so that as soon as a fix is available for a zero-day, you’re ready to test and apply it.
• Subscribing to alerts from the CISO’s vulnerability response team, and immediately applying a patch as soon as one is available for a zero-day vulnerability, since attackers will keep trying to exploit the vulnerability until you apply the patch.

A zero-day vulnerability is a security vulnerability that is discovered by malicious actors before the vendor has become aware of it. The vendor has zero days to provide a solution.

Security researchers Leyla Bilge and Tudor Dumitras identify seven points in time which define the span of a zero-day attack:
(https://www.semanticscholar.org/paper/Before-we-knew-it%3A-an-empirical-study-of-zero-day-Bilge-Dumitras/0ebb041524a751276219a396c634da15742a6e6a)

Step 1. Vulnerability is introduced, either when it is released as part of a software application or when the software is deployed by users.

Step 2. Zero-day exploit is released in the wild. Attackers have discovered the vulnerability and found a technique they can use to attack vulnerable systems.

Step 3. Vulnerability is discovered by the vendor, but a patch is still not available.

Step 4. Vulnerability is disclosed publicly by the vendor or by security researchers, making both users and attackers widely aware of it.

Step 5. Anti-virus signature is released. If the malicious actors have created zero-day malware, anti-virus vendors can identify its signature relatively quickly and protect against it. Systems could still be exposed, because there may be other ways of exploiting the vulnerability.

Step 6. Patch is released. Fixing the vulnerability might take anywhere from a few hours to months, depending on the complexity of the fix and the vendor’s prioritization of the fix in their development process.

Step 7. Patch deployment is completed. Even after a patch is released, users can take a long time to deploy it.

The window of exposure, in which systems may be vulnerable to attack, is the entire period of time between step 1 and step 7.

A zero-day attack can occur between step 2 and step 4, which is the most dangerous period, because the zero-day exploit will be used to breach, cause damage to, or steal data from a system affected by the vulnerability.
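The seven-step timeline and the two windows defined above, modelled as an added example (not part of the original transcript or of the Bilge and Dumitras paper): given the date of each step, it computes the window of exposure (steps 1 to 7), the zero-day window (steps 2 to 4), names the phase any given day falls in, and shows how much the exposure shrinks when an organization deploys the patch sooner. All dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ZeroDayTimeline:
    # The seven points in time from Bilge & Dumitras, one field per step.
    introduced: date       # step 1: vulnerable software released / deployed
    exploit_in_wild: date  # step 2: exploit first used by attackers
    vendor_aware: date     # step 3: vendor learns of the vulnerability
    disclosed: date        # step 4: public disclosure
    av_signature: date     # step 5: anti-virus signature released
    patch_released: date   # step 6: vendor ships the fix
    patch_deployed: date   # step 7: the organization finishes deploying it

    def window_of_exposure_days(self) -> int:
        # Step 1 to step 7: the whole period in which systems may be attacked.
        return (self.patch_deployed - self.introduced).days

    def zero_day_window_days(self) -> int:
        # Step 2 to step 4: exploit in use while defenders are still unaware.
        return (self.disclosed - self.exploit_in_wild).days

    def phase_on(self, day: date) -> str:
        # Name the phase a given day falls in, using the step boundaries.
        if day < self.introduced:
            return "not exposed"
        if day < self.exploit_in_wild:
            return "exposed, no known exploit in the wild"
        if day < self.disclosed:
            return "zero-day attack window"
        if day < self.patch_released:
            return "publicly known, no patch available"
        if day < self.patch_deployed:
            return "patch available, not yet deployed"
        return "patched"

    def exposure_if_deployed_on(self, deploy_day: date) -> int:
        # Exposure if deployment finished on deploy_day (never before step 6).
        return (max(deploy_day, self.patch_released) - self.introduced).days


# Constructed sample dates for illustration only, not a real vulnerability.
SAMPLE = ZeroDayTimeline(
    date(2023, 1, 10), date(2023, 3, 1), date(2023, 3, 20), date(2023, 4, 4),
    date(2023, 4, 6), date(2023, 5, 2), date(2023, 6, 15))
```

With the sample dates, deploying on 5 May instead of 15 June cuts the window of exposure from 156 to 115 days, while the zero-day window itself is outside the organization’s control.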
