The IT team at an important company has just installed a vital update on all its corporate devices so that everyone can keep using them properly. The team and the organization’s management have every confidence in this new version. After all, why should they suspect that something could go wrong? Updates are standard procedure, and applying them is safe. What’s more, in many cases, they’re a vital part of cybersecurity.
However, something has caught the IT department off guard, and they send out a warning: a piece of malware has got through all their protections and has infected all the company’s computers. How could this have happened? A preliminary assessment points to that recently installed update. An investigation of the infection uncovers something worrying: the update contained a vulnerability that nobody, not even the software developers, had spotted. No one, that is, except the cyberattacker. This criminal is now well known on the Deep Web: he is the author of a new zero-day attack.
The window of opportunity
Coming across an unpatched vulnerability and using it to carry out an attack is the dream for many cyberattackers. Not only will a discovery of this type boost their standing in the cybercriminal community, but it also means that they will be able to personally benefit from the attack. This is precisely why zero-day attacks are so dangerous.
Time is not on the cyberattackers’ side: their window of opportunity between the discovery of the vulnerability and it being closed by cybersecurity providers or developers is limited. But not all attacks of this type are fixed so quickly. If the cyberattacker is discreet enough, companies can be exposed persistently through a vulnerability that they are unaware of. In previous blog posts we’ve talked about the risks posed by these advanced persistent threats (APT).
Insufficient cybersecurity to tackle the unknown
The fact that the cyberattacker needs to find that small vulnerability and act quickly and discreetly means that they are working in a context that has many limitations. This leads some organizations to the mistaken belief that zero-day attacks are not a very common occurrence. But they have become much more frequent over the last few years, and are now the most common incident registered. A study carried out by the consultancy firm Ponemon Institute shows that 76% of the surveyed companies that had suffered a cyberattack in 2018 said the attack was a new or unknown zero-day attack.
This percentage also highlights another aspect confirmed by the report: companies tend to prepare their cybersecurity plans to deal with known attacks, but pay less attention to unknown attacks. This goes some way to explaining the fact that, according to the study, 53% of companies dedicate more of their endpoint security investment to known attacks, while 47% spend more resources on unknown attacks.
Protect your company against zero-day attacks
Awareness in companies is vital when it comes to preventing unknown attacks. However, the very nature of zero-day attacks makes protection measures more complex. When faced with known threats, there are times when it could be enough to use traditional cybersecurity solutions that have successfully proven that they can remove threats. But what can companies do to protect against malware that has never been identified? Organizations need to take several measures, bearing in mind three essential aspects:
- The right software: windows of opportunity are opened for cyberattackers every time a new piece of software is installed on the company’s computers and systems. This, however, doesn’t mean that the company must do away with the programs it needs. What it must do is maintain a control policy that includes periodic reviews and the uninstallation of programs that haven’t been used for some time.
- In spite of the risks, the best option is always to update. As we mentioned, updates can contain new exploitable vulnerabilities; nevertheless, developers try to correct errors and to apply new security measures in each version of their programs. It is therefore always worth keeping everything updated and using the latest versions of all software. To reduce the complexity of managing vulnerabilities, updates and patches for operating systems and applications, we recently launched Panda Patch Management. This solution makes it easier to respond to security incidents by patching all vulnerable computers in real time with just one click, all from a single security and management console.
- Solutions based on behavioral analysis: the security model based on signatures is obsolete and ineffective against zero-day attacks. The way to fight these unknown attacks must therefore be based on the detection of suspicious behaviors.
This is the line followed by the most advanced cybersecurity solutions, such as Panda Adaptive Defense. It offers total endpoint security and complete protection against known malware. But that’s not all; it also classifies 100% of processes using machine learning techniques, which allows it to analyze all suspicious behaviors. This way it can increase the possibilities of detecting any kind of unknown malware. Panda Adaptive Defense combines EPP, EDR and 100% Attestation and Threat Hunting services, giving way to a new cybersecurity model that reduces the attack surface to the absolute minimum.
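To make the contrast between the two models concrete, here is an added example in Python (not Panda Security's code): a hash denylist, which by construction never matches a binary it has not seen before, beside a small behaviour scorer that flags a process from what it does on the endpoint. The hashes, process names, paths and the IP address are constructed placeholders, and the three behaviour rules and their weights are illustrative assumptions.

```python
import hashlib
from collections import defaultdict

# Signature store: SHA-256 digests of binaries already known to be malicious.
# The value is a constructed placeholder, not a real indicator.
SIGNATURE_DENYLIST = {hashlib.sha256(b"old-sample-bytes").hexdigest()}

# Behaviour rules: each distinct suspicious behaviour adds its weight to the
# process's risk score; the binary's hash plays no part in the verdict.
BEHAVIOUR_WEIGHTS = {
    "spawned_by_office_app": 3,
    "mass_file_modification": 4,
    "outbound_to_raw_ip": 2,
}
ALERT_THRESHOLD = 6
MASS_MODIFY_MIN_FILES = 20

def signature_verdict(image_bytes: bytes) -> str:
    """Signature model: only a hash that is already on the list is flagged."""
    digest = hashlib.sha256(image_bytes).hexdigest()
    return "malicious" if digest in SIGNATURE_DENYLIST else "unknown"

def behaviour_score(events: list) -> dict:
    """Behaviour model: fold endpoint telemetry into a per-pid risk score."""
    modified = defaultdict(set)   # pid -> distinct files written
    flags = defaultdict(set)      # pid -> behaviours observed
    for ev in events:
        pid, action, target = ev["pid"], ev["action"], ev["target"]
        if action == "process_start" and ev.get("parent") in {"winword.exe", "excel.exe"}:
            flags[pid].add("spawned_by_office_app")
        elif action == "file_write":
            modified[pid].add(target)
            if len(modified[pid]) >= MASS_MODIFY_MIN_FILES:
                flags[pid].add("mass_file_modification")
        elif action == "net_connect" and target.replace(".", "").isdigit():
            flags[pid].add("outbound_to_raw_ip")
    return {pid: sum(BEHAVIOUR_WEIGHTS[f] for f in fl) for pid, fl in flags.items()}

def alerts(events: list) -> list:
    """Pids whose behaviour score reaches the alert threshold."""
    return sorted(p for p, s in behaviour_score(events).items() if s >= ALERT_THRESHOLD)

# Constructed telemetry: pid 4242 runs a binary no signature has ever seen.
NEW_BINARY = b"never-seen-before-sample"
SAMPLE_EVENTS = (
    [{"pid": 4242, "action": "process_start", "parent": "winword.exe", "target": "updater.exe"},
     {"pid": 4242, "action": "net_connect", "target": "203.0.113.7"},
     {"pid": 1001, "action": "file_write", "target": "C:/Users/alice/Documents/notes.txt"}]
    + [{"pid": 4242, "action": "file_write", "target": f"C:/Users/alice/Documents/report{i}.docx"} for i in range(25)]
)
```

Running `signature_verdict(NEW_BINARY)` returns "unknown" because the hash was never catalogued, while `alerts(SAMPLE_EVENTS)` still surfaces pid 4242 from its actions alone.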