Zero-day attacks are among the most challenging cybersecurity threats SOC teams face. Because these "never before seen" threats match no known signature, they can slip past organizations that rely on traditional, signature-based defenses. The good news is that advances in unsupervised AI hold the potential to turn the corner on combating zero-day attacks.
What are zero-day attacks?
NIST (National Institute of Standards and Technology) defines a zero-day attack as one that, “exploits a previously unknown hardware, firmware, or software vulnerability.”
The terms "zero-day" and "never before seen" refer to the fact that, by the time the exploit is discovered, the vendor and defenders have had "zero days" to develop and deploy a fix: the vulnerability is already being exploited before anyone knows it exists. Attackers often take advantage of such vulnerabilities long before they are discovered, and until a patch exists, defenders can only detect and contain the activity rather than remove the underlying flaw.
Zero-day attacks in the news
Some zero-day attacks create so much havoc and cost organizations so much money that they dominate the news, especially when sensitive data is involved. A few prominent examples follow. Not all of them are zero-day attacks in the strict NIST sense: several were large-scale scraping through public APIs or intended features rather than exploitation of a previously unknown vulnerability. They illustrate the same lesson, though: the abuse went undetected until the damage was done.
Yahoo (August 2013)
Although the Yahoo attack dates to 2013, it remains one of the most prominent incidents to date. Yahoo disclosed the breach in 2016 and later revised the number of affected accounts upward to all 3 billion. The attack affected an ongoing deal between Yahoo and Verizon, which was in the midst of purchasing Yahoo when the news broke; Yahoo accepted a price reduced by roughly $350 million, acknowledging the severity of the breach.
Alibaba (November 2019)
Roughly 1.1 billion pieces of user data were scraped from Taobao, Alibaba's Chinese retail site, by a developer using crawler software. The scraping ran for about eight months and went completely undetected until the case surfaced in court.
LinkedIn (June 2021)
In June 2021, a data set covering roughly 700 million LinkedIn users, more than 90 percent of LinkedIn's user base, was offered for sale on a hacker forum. The data was collected by bulk scraping through the site's API rather than taken from LinkedIn's internal systems; LinkedIn stated that no private member data was exposed. A data set of around 500 million users has been released publicly, and the seller has threatened to sell the full set covering all 700 million accounts.
The UK’s National Cyber Security Centre warns that the type of data stolen, including email addresses, phone numbers, geolocation records, genders and social media details, could be used by bad actors to create alarmingly credible social engineering attacks.
Facebook (April 2019)
Information on more than 530 million Facebook users, including phone numbers, account names and Facebook IDs, ended up on the public internet. Facebook attributed the data to scraping of a contact-import feature, which it said was fixed in 2019, rather than to exploitation of a previously unknown vulnerability.
Marriott International (September 2018)
Up to 500 million guests who had registered an account with Marriott's Starwood subsidiary had their sensitive data breached; Marriott later lowered the estimate to roughly 383 million.
As early as 2014, bad actors had gained access to Starwood's guest reservation database and copied guest names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, arrival and departure information, reservation dates and communication preferences. The attackers were also able to access encrypted payment card numbers and expiration dates, and Marriott could not rule out that the keys needed to decrypt them were taken as well.
The MixMode zero-day solution
MixMode is the ideal tool in the fight against zero-day attacks. The platform constantly monitors all facets of network traffic using third-wave, unsupervised AI to identify anomalies in real time. A signature-based platform needs a signature for the attack, which by definition does not yet exist for a zero-day; a platform that cannot monitor traffic in real time is no match for one either.
MixMode establishes a constantly evolving baseline of expected network behavior and adapts to normal network changes, so that genuine deviations stand out without a prior signature. The end result is a solution that can pinpoint true threats with precision, including the source IP addresses involved in exploiting zero-day vulnerabilities, before the damage is done.
Should MixMode detect a zero-day attack, SOCs can use its investigative tools to examine in depth what happened. When security teams understand the full lifecycle of a zero-day threat, they can make more informed decisions about what to do next and how to prevent the next attack.
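To make the baseline-and-deviation idea concrete, here is an added example of behavioral baselining over network flow records. It is not MixMode's code and makes no claim about how their model works; it is a toy illustration of the general approach. Each source host gets a per-feature exponentially weighted mean and variance (distinct destination ports contacted and bytes sent per one-minute window), alerts fire when a window's z-score exceeds a threshold once a short warm-up has passed, and anomalous windows are deliberately not folded back into the baseline so an attack does not teach the model that attack traffic is normal. All flow records, addresses, window sizes and thresholds are constructed for the demo.

```python
"""Streaming behavioural baseline over constructed flow records.

Added example, not MixMode's code. The per-host baseline is an EWMA of
each feature; a window whose z-score exceeds THRESHOLD is reported and is
NOT learned, so the baseline is not poisoned by the attack it just flagged.
"""
from collections import defaultdict
from dataclasses import dataclass
import math

WINDOW = 60        # seconds per aggregation window (assumed)
WARMUP = 5         # windows learned per feature before alerting starts (assumed)
ALPHA = 0.2        # EWMA smoothing factor (assumed)
THRESHOLD = 4.0    # z-score that triggers an alert (assumed)


@dataclass
class Baseline:
    """Exponentially weighted mean/variance for one feature of one host."""
    mean: float = 0.0
    var: float = 0.0
    n: int = 0

    def zscore(self, x):
        # Floor the standard deviation at 5% of the mean so a near-constant
        # feature does not turn every tiny wobble into an alert storm.
        sd = max(math.sqrt(self.var), 0.05 * abs(self.mean), 1e-9)
        return (x - self.mean) / sd

    def update(self, x):
        if self.n == 0:
            self.mean = x
        else:
            diff = x - self.mean                       # deviation from the old mean
            self.mean += ALPHA * diff
            self.var = (1 - ALPHA) * (self.var + ALPHA * diff * diff)
        self.n += 1


def windows(flows):
    """Group (ts, src, dst, dport, bytes) records into per-source windows."""
    agg = defaultdict(lambda: {"targets": set(), "bytes": 0})
    for ts, src, dst, dport, nbytes in flows:
        key = (ts // WINDOW, src)
        agg[key]["targets"].add((dst, dport))
        agg[key]["bytes"] += nbytes
    for win, src in sorted(agg):               # time order, then host
        v = agg[(win, src)]
        yield win, src, {"distinct_ports": len(v["targets"]), "bytes_out": v["bytes"]}


def detect(flows):
    """Return alerts for windows that deviate from each host's learned baseline."""
    baselines = defaultdict(lambda: defaultdict(Baseline))   # src -> feature -> Baseline
    alerts = []
    for win, src, feats in windows(flows):
        anomalous = False
        for name, x in feats.items():
            b = baselines[src][name]
            if b.n >= WARMUP and b.zscore(x) > THRESHOLD:
                alerts.append({"window": win, "src": src, "feature": name,
                               "value": x, "z": round(b.zscore(x), 1)})
                anomalous = True
        if not anomalous:                      # learn only from clean windows
            for name, x in feats.items():
                baselines[src][name].update(x)
    return alerts


def sample_flows():
    """Constructed flow records (not real traffic): 8 quiet minutes, then a scan + exfil."""
    flows = []
    dsts = [("10.0.0.53", 53), ("93.184.216.34", 443), ("10.0.0.10", 445), ("10.0.0.11", 22)]
    ports_per_win = [3, 3, 4, 3, 3, 4, 3, 3]
    bytes_per_win = [20000, 24000, 22000, 26000, 21000, 23000, 25000, 22000]
    for w in range(8):
        base = w * WINDOW
        for i in range(ports_per_win[w]):
            dst, dport = dsts[i]
            flows.append((base + i, "10.0.0.5", dst, dport, bytes_per_win[w] // ports_per_win[w]))
        flows.append((base + 5, "10.0.0.7", "93.184.216.34", 443, 15000))   # stable neighbour
    base = 8 * WINDOW   # window 8: 10.0.0.5 sweeps 40 ports on one host and pushes 5 MB out
    for i, port in enumerate(range(1, 41)):
        flows.append((base + i, "10.0.0.5", "203.0.113.9", port, 125000))
    flows.append((base + 50, "10.0.0.7", "93.184.216.34", 443, 15000))
    return flows


if __name__ == "__main__":
    for a in detect(sample_flows()):
        print(a)
```

Two design points matter more than the arithmetic. First, the baseline adapts to normal drift (the 3-to-4 port and 20-26 KB swings never alert) but refuses to learn from a window it has already judged anomalous; a baseline that learns everything will quietly absorb a slow attack. Second, the alert carries the source address and the offending feature, which is the starting point an analyst needs for the investigation described above.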