Whatever anyone might say about them, cyber criminals are not lazy - or cheap with their Research & Development (R&D) money. This is a business: a very serious business, which experts say will generate over ten trillion dollars in revenue per year by 2025. According to Cybersecurity Ventures, cybercrime is expected to grow at a rate of 15% per year for the next 5 years.

Cybercriminals have a vast array of tricks and schemes at their disposal to mount attacks, but the speed with which they are now able to exploit known vulnerabilities is alarming. Just a few days ago, Cybersecurity software provider Rapid7 updated their 2021 Vulnerability Intelligence Report. Their analysis shows that in the space of one year, the average time between the discovery of a vulnerability and a Zero-Day attack has collapsed from 42 days to just 12 days.

What is meant by zero-day attack?

When a vendor or developer discovers a flaw in their software that results in an exploitable vulnerability, it means they have ‘zero days’ to get it fixed. But they are rarely fixed in a day. A zero-day attack simply means that cybercriminals exploit the vulnerability before the developers get it fixed. Hackers usually discover these vulnerabilities before the developers do – after all, it’s their job.

Any type of IT support, from the low-level Break/Fix IT services ‘guys’ to the best Managed IT Services providers is not likely to find these deeply buried vulnerabilities. They don’t send out alarms, and until something goes wrong, like an attack, finding them is like looking for a needle in a haystack – specifically because they have no indication that there is a needle at all.

All too often, the forensic analysis in the aftermath of a devastating attack reveals the existence of the flaw. This is the main impetus for cyber criminals to step up their game. They find an ‘unlocked gate’ and need to take advantage of it before someone sees it and locks it. The fact that in one year the hackers became three and a half times faster at mounting and performing successful attacks does not bode well for the future.

Three words describe the events surrounding a Zero-Day.
A zero-day vulnerability is the software flaw itself, often discovered by hackers before the developers are aware of it. Occasionally it is the result of a network flaw due to inferior IT services.
A zero-day exploit is the method hackers develop that will enable a successful attack.
A zero-day attack is simply using the exploit to breach a network for criminal ends.

The most well known zero-day attacks in the last few years are:
Marriott International in September 2018
Facebook in April 2019
Alibaba in November 2019
LinkedIn in June 2021

In these four attacks alone, the personal information of over 2.2 billion customers or users was stolen.

Do not think that huge companies are the only businesses being targeted. The overall #1 target of cybercrime is Small and Mid-size Businesses (SMBs).

Let’s talk about Goldilocks and the Three Bears. If Goldilocks were a cybercriminal, she would look for the victims that are best suited to her: Governments and multinational conglomerates are ‘Too Big.’ Grifter snatch-and-grabs against consumers are ‘Too Small.’ BUT, for the vast middle class of cyber crooks, where the greatest numbers of hackers are, SMBs are ‘Just Right.’

Just like the IT Support Los Angeles community has its own ‘pecking order,’ the ‘community’ of cybercrime has its own system of echelons or classes. The lowest on the totem pole are small-time hoods breaking into consumer cell phones or home PCs to grab a couple hundred bucks.
High-level hackers attack governments and mammoth corporations. They are the hackers who make the news feed – and they are not looking for you or your business.

It's the mid-level crooks you need to worry about – and they are the most plentiful in number. This is a business, and day after day, they stay focused – on SMBs. In the past, the conventional wisdom among Cybersecurity experts was that because of the 42-day lag-time between the discovery of a vulnerability, the development of the right exploit and then the attack itself, these attacks were more or less relegated to high-stakes criminals. When the ability to initiate zero-day attacks went from a month and a half to a week and a half, the mid-level thieves started jumping in with both feet.

How can you defend against zero-day attacks?

Just like with any threat, there is no guarantee of 100% protection. Because they are based on vulnerabilities discovered before the developer or IT services crew have detected and fixed them, it is difficult to protect against them. The steps taken by either your in-house IT support or outsourced Managed IT Services provider like IT Support LA should be geared towards eliminating the lion’s share of attacks and mitigating the damage should any attacks be successful.

Mounting an effective zero-day defense.
Adopt and implement these tools and Best Practices:

1) Windows Defender Exploit Guard
2) Effective Patch Management
3) Next-Generation Antivirus (NGAV)
4) Incident Response Plan (Part of a Backup & Disaster Recovery Plan)
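As an added example (not code from the original post or from IT Support LA), the PowerShell script below audits a single Windows 10/11 host against items 1 to 3 of the list above: it reports which system-wide Exploit Guard (Exploit Protection) mitigations are switched off, which software updates are still pending according to the Windows Update agent, and whether Defender real-time protection and signatures are current. It assumes an elevated session on a host with the built-in Defender cmdlets (Get-ProcessMitigation, Get-MpComputerStatus) and access to Windows Update; the "3 days" signature-age threshold is an assumed policy value, not something the post states. The script only reports; the one line that would change settings is left commented out.

```powershell
<#
  Added example, not from the original post or from IT Support LA.
  Read-only audit of one Windows 10/11 host against items 1-3 above:
  Exploit Guard mitigations, patch state, and Defender (NGAV) status.
  Assumptions: elevated PowerShell, built-in Defender cmdlets present,
  host can reach Windows Update.
#>

function Get-ExploitGuardGaps {
    # System-wide Exploit Protection settings. Each value is ON, OFF or NOTSET;
    # NOTSET means the OS default applies, so only an explicit OFF is a gap.
    $m = Get-ProcessMitigation -System
    $settings = [ordered]@{
        'DEP'                   = $m.Dep.Enable
        'SEHOP'                 = $m.SEHOP.Enable
        'ASLR BottomUp'         = $m.Aslr.BottomUp
        'ASLR HighEntropy'      = $m.Aslr.HighEntropy
        'CFG'                   = $m.Cfg.Enable
        'Heap TerminateOnError' = $m.Heap.TerminateOnError
    }
    foreach ($name in $settings.Keys) {
        if ("$($settings[$name])" -eq 'OFF') {
            [pscustomobject]@{ Check = "Exploit Guard: $name"; Status = 'OFF' }
        }
    }
}

function Get-PatchGaps {
    # Ask the Windows Update agent (COM) for software updates not yet installed.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
    foreach ($u in $pending) {
        # MsrcSeverity is empty for updates Microsoft did not rate (e.g. drivers).
        $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        [pscustomobject]@{ Check = "Pending update: $($u.Title)"; Status = $severity }
    }
}

function Get-DefenderGaps {
    # Assumed threshold: signatures older than 3 days are flagged.
    $maxSignatureAgeDays = 3
    $s = Get-MpComputerStatus
    if (-not $s.RealTimeProtectionEnabled) {
        [pscustomobject]@{ Check = 'Defender real-time protection'; Status = 'OFF' }
    }
    if ($s.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
        [pscustomobject]@{ Check = 'Defender signatures'
                           Status = "$($s.AntivirusSignatureAge) days old" }
    }
}

$gaps = @(Get-ExploitGuardGaps) + @(Get-PatchGaps) + @(Get-DefenderGaps)
if ($gaps.Count -eq 0) {
    Write-Host "No gaps found for Exploit Guard, patching, or Defender on $env:COMPUTERNAME."
} else {
    $gaps | Format-Table -AutoSize
}

# To enable the core system-wide mitigations after testing (some legacy
# applications break under forced ASLR or CFG), uncomment:
# Set-ProcessMitigation -System -Enable DEP,SEHOP,CFG,BottomUp,HighEntropy
```

Run it from an elevated prompt on each workstation or server you manage; an empty result means the three technical controls on the list are in place on that host, while each reported row is a concrete item for the patch or hardening backlog. The fourth item, the Incident Response Plan, is a process rather than a setting and is not something a script can check.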

Frequently Asked Questions

Q: What type of threat is a zero-day?

A: Simply put, it is a threat that hasn’t been identified before, so anti-malware Cybersecurity measures are often unable to stop it. Whoever discovers the key vulnerability first wins – and it’s usually the criminal.

Q: Are zero-day attacks common?

A: They are quite common and growing every year – especially since March of 2020. The Ponemon-Sullivan Privacy Report stated that the percentage of security breaches that came as the result of zero-day attacks had already reached 80% by May of 2020.

Q: What is the most famous zero-day exploit?

A: Although it is not the biggest breach in terms of the number of personal records stolen as noted above, by far the most notorious was the 2019 attack and breach of the Democratic National Convention (DNC) – if only by the sheer volume of media coverage.

Q: How many types of exploits are there?

A: Fundamentally, there are five basic types and two methods:

Types:
Software: The most common – as explained above.
Hardware: Usually due to poor encryption or configuration.
Network: Due to a bad setup by an inferior IT services provider – poor encryption and Cybersecurity.
Personnel: The #1 weakness that leads to an attack – due to poor training and lack of strong policies.
Physical: Easy access to the physical network and servers.

Methods:
Remote Exploits: The most common, where the hacker does everything over an internet connection.
Local Exploits: These require prior physical access to the vulnerable network.

How secure is your network?

IT Support LA offers a FREE, no-risk network and security assessment. No strings, no obligation.
Just fill out the form on this page or call us at:
818-805-0909