Friday 11 April, 2014
Of all hacking attacks, zero day attacks are the most dangerous. These are the attacks that come from out of nowhere and grab sensitive data or large sums of money from businesses and government agencies.
How Hackers Attack
Hackers gain access to networks by exploiting vulnerabilities in programs and platforms. It takes time for them to discover these vulnerabilities. Once a number of hackers carry out these attacks, developers figure out ways to patch the weaknesses so that these attacks will no longer be effective.
A zero day attack, also sometimes called zero hour attack, is one that exploits a new vulnerability that the developer hasn’t had time to patch yet. In other words, it’s a surprise attack that takes advantage of weaknesses we weren’t aware of. This is why they’re so potentially dangerous.
Responding to Zero Day Attacks
When a zero day attack occurs, it sends developers scrambling to patch it up. It’s a race against time as they test their program and search for the hole that let the hackers in. The developer will then release a patch to those who purchased the program so that they can protect themselves against further attacks.
Sometimes, developers were aware of the vulnerability beforehand but just haven’t released a patch yet. They may hold off on releasing the patch because the weakness isn’t so dangerous. Even if hackers manage to exploit it and gain access, there’s not much they can do.
Another reason they may not offer a patch immediately is that they don’t want to inundate customers with updates. As any software user knows, constant updates can be an annoyance. Many venders release the patches together as one update.
Pentesting to Patch up Vulnerabilities
A good way that developers can prevent zero day attacks is what’s called pentesting. Companies that perform pentesting basically attack a program or system to see where its weaknesses lie. These companies are experts at finding and exploiting vulnerabilities. Pentesting is a kind of trial by fire. By attacking the system, they can find its weaknesses before real hackers have a chance to.
Protecting Yourself against Zero Day Attacks
As a software buyer, there’s not much you can do to prevent zero day attacks on your end. However, when considering software options, you can shop around and buy from a developer or vender who performs testing to prevent zero day attacks. Some developers test more vigorously than others.
Certain developers have other security safeguards in place that can prevent attacks. You can find out from developers about their contingency plans in case an attack occurs. For example, some have instant protections using the cloud that will mitigate the severity of the attack. Look for this when considering software options.