
Kalki Blog


What is a Zero-Day Attack?

Posted by Stacy Willis on Apr 6, 2016 7:00:00 AM

There are plenty of cyber security buzzwords flying around these days, but few are heard as often as the phrase "zero-day attacks." In fact, it even made an appearance in our article on predicted threats for 2016. Experts see zero-day attacks becoming much more prevalent, and that trend continuing throughout 2016. While many people have heard the phrase, we often find that unless the person is highly technical or a security professional, they don't know what it means. So we are here to help!

What is it?

A zero-day attack is an attack that is launched as a result of a bug or vulnerability in an application or on a device being announced. It is best demonstrated by example. Let's look at Windows updates, for instance. If you are a Windows user, you've likely at some point been prompted to restart your computer to install critical Windows updates. When updates like this are released for an application or device, the vendor releases a full set of notes explaining what was broken and is now fixed by the update. While this is necessary, it also essentially provides a treasure map for attackers, who can now easily turn around and create malware targeted at whatever was broken. A zero-day attack happens when this attack is launched the day a vulnerability is announced to the public and catches devices that haven't been updated yet.

The reason this attack is so prevalent is that every application and every device goes through these updates on a regular basis, so there are tons of different opportunities for attackers to try to catch an opening. Think of how many applications are on your home computer or how many apps are on your mobile device. Now think of how often you get notifications to update. Each and every one of these times creates a window of opportunity for attackers.

How do I protect against it?

The easiest and most effective way to combat these attacks is to run updates as soon as they are available. For as many applications and devices as you are comfortable with, set up automatic updates so you don't have to think about it. For example, browsers like Chrome and Firefox have the option for automatic updates, and you can go to your iPhone settings and set all apps to automatically update if you want. When you get those pop-ups to run updates, make sure that you actually run them rather than ignoring them. Stay on top of the updates that affect you and get advice on how to update from our free notification service.

Keep your anti-virus and anti-spam tools up to date and scan your computer regularly. Doing this on a regular basis will help detect malware that you may not have known was already on your device and stop it from doing any further damage.

Regularly change your passwords. In the event that malware has made it onto your machine in the past and possibly obtained data like username and password combinations, regularly changing your passwords can keep you from suffering further damage. Get a password safe tool like LastPass and make use of the tools to generate passwords and update passwords once they've become older than 90 days.


Topics: Attack, Malware