Southwest Networks - Managed IT Services & Cybersecurity

What Is A Zero-Day Attack?

Published July 5, 2022
About This Video

Ever wonder what a Zero-Day is and how to protect yourself? In this Episode I go over what a Zero-Day is and the best way to protect yourself and your Business. Episode 40 of Cappuccino Chat from Southwest Networks, Inc. in Palm Desert, California https://www.southwest-networks.com https://www.southwest-networks.com/cappchat Southwest Networks, Inc. 73-700 Dinah Shore Drive, Suite 404 Palm Desert, CA 92211 760-770-5200 #Palm Desert #IT Support #SouthwestNetworks

Full Transcript

Auto-generated from the video's captions. Minor transcription errors may exist.

Welcome back to another episode of Cappuccino Chat. This time we're talking about zero days, and what exactly does that mean?

All right, so we're talking about zero days, as this has been in the news a lot lately, but, you know, what does that actually mean to most of us? So some of the attacks that we've seen lately have been around Microsoft, like the Microsoft Office Follina attack and Microsoft Search. These types of attacks are not limited to just Microsoft; it happens to everybody. Apple was in the news a couple months back. They had like a big string of them affecting all their different devices, not just the iPhones and iPads but even the watches and their macOS itself. So it does affect everybody.

So what is a zero day? So a zero day is a vulnerability that the manufacturer has been unaware of is in and is now being made aware of, meaning it's the zero day: they haven't had a chance yet to react to it, they haven't had a chance to do anything about it, but nothing has happened yet. Now, if a zero day turns into something where it is being actively exploited and, uh, gone after in the wild, in other words you and me, if we're being used, if someone's attacking us using this new zero-day vulnerability that was found, then it becomes a zero-day attack, as in the case of the Microsoft Office one, the Follina. So basically how that one worked was getting attachments, opening those attachments, getting an error message, launching some other stuff; gets a little technical.

These are the most dangerous types of attacks, and the reason being is, again, it's zero day: nobody's really had a chance to take a look at it, see how to correct it, see where the issues are, see what other systems might be affected by it. So these are the most dangerous types of attacks in the fact that we know it's something that can be exploited, it just hasn't been yet. And typically when somebody knows there's an exploit available to them, it's just a matter of time before it happens. So now it's a race against the clock.

So how do we protect ourselves from these things and not go into panic mode when it happens? So first of all, don't go into panic mode when stuff like this happens. All the manufacturers will attempt to get everything patched and fixed as fast as possible. Now, sometimes in the course of fixing these, the manufacturers do end up introducing additional issues, problems that weren't thought of or accounted for. So we have had in the past where Microsoft may release a patch and then that patch actually causes other problems that they didn't know about. So, but most manufacturers will attempt to get things patched and fixed as quickly as possible. So number one, do not panic; they will fix it as quickly as possible. Two, just because there's an exploit out there doesn't mean it's going to necessarily happen to you right away. It is very possible, as in this case of this Microsoft Office one: majority of users use Microsoft Office in some shape or form, so odds are good that this type of attack could affect all of us.

The best course of action for these types of things is training our employees. So in the case of this Microsoft Office one, yes, it's an issue; yes, Microsoft is working or has worked to fix it and fixed it. But in the meantime, between the point of finding it and the point of getting it fixed, if something were to happen, the best defense to this is employee training. So training your employees not to click on links, not to open attachments. Again, we all get in a rush, we all know things are going on, and we're just like, "Oh yep, I know that, that's for my customer, I need to open that." Not necessarily. If you weren't expecting it, it's out of the ordinary, check spelling, check the return email address and the from email address. It may have their name but not their email address that you're used to getting. So slow down and verify these things. This is the easiest way for attacks to happen, is they get a hold of someone's address book by getting into, you know, one of your clients' or friends', family's, uh, email account. They get all the email addresses and then they send out with their name attached to it, but not their email address necessarily. Sometimes they do spoof the email address, but again, look at different things: email address, spelling, the way they talk in the email. We all know we have our own different flair and way of saying things, and that comes across both in our speech and in our emails when we're typing out messages. So make sure it fits.

Just because a client may send you an invoice or a link to something to share a document with you, if you weren't expecting that document or that link or that invoice, do not open it. Pick up the phone, call that person back, say, "Hey, I just got this email from you. Did you mean to send this to me? Because, you know, I wasn't expecting an invoice from you; we just paid your invoice," or, you know, "We weren't expecting another invoice quite so soon; you normally send us invoices on the first and the 15th or the end of the month," or whatever the case might be. So have your employees slow down and watch for things like that. It typically is a dead giveaway when things like this happen.

So what is a zero day? It's the zero day, right? We haven't even had a full day to know about the issue happening, and it's a vulnerability in the system. Could be the operating system, could be a program like Microsoft Office, it could be in something like Google or in the Apple devices. It's just a vulnerability. Once it becomes a zero-day threat, that means they're actually seeing people take advantage of that vulnerability and attack businesses, people, etc.

As with everything, if you have any questions on this and how you can help protect yourself, your employees and your business, always reach out to us: 760-770-5200.
