What you need to know about "Zero-Day Attacks" - Its You vs the Hacker
Are you familiar with the proverb that when two elephants fight, it is the grass that suffers? Even if you're unfamiliar with it, the illustration provided below will update your proverbial dictionary.
In the past few years, we have witnessed the effects of big data breaches on organisations like Snapchat, Yahoo, Cisco, DNC, Linkedin, and many others.
Though these organisations responded swiftly to fix and correct all damages, the engineering of the malware that was probably deployed against them lives on as a smaller scale threat against You and I.
Zero-Day Attacks are exploits used by hackers whenever they discover a weakness that has not been known by their target, such unknown weaknesses are referred to as zero-day vulnerability.
The simple way to interpret the term "Zero-Day" in IT security is "yet to be discovered". The very minute this vulnerability become discovered and fixed by the target, the term "zero-day" no longer applies.
Now if the big organisations and the criminal hackers are the "elephants", I assure you that You and I are the "grass". Let me explain why.
Criminal hackers do not waste their resources, they are organised and meticulous in their approach. These guys spend a lot of their time looking for weaknesses, when they find one, they spend an average of 20 days to build a malware that will strike and do the damage.
When the target company discovers that it has been hacked, the company fixes the loophole and try to correct all damages. It is important to know at this point that, the hacker do not discard the malware because the loophole has been fixed, they either sell it to some smaller hacker or they re-engineer it and deploy against smaller targets like You and I.
This is why we have a good number of small scale breaches here and there; our email get hacked (both personal and official), social media profile get hacked, files get corrupted or stolen, computer system get hijacked, and so on.
In the business of computing, big companies like Microsoft, Google, Apple and the others are obligated to protect our privacy while we use their products. These companies engage in non-stop research to discover all forms of weaknesses in their products, they sometimes go as far as buying these information off the hackers just to guarantee customer protection.
From time to time, they send software updates to our devices, these updates are patches that protect us against the weaknesses discovered in their products. However, most of us simply ignore these updates, while some of us completely change our settings to permanently block all updates - a bad computing habit.
Let me advise you from the standpoint of a software developer, particularly one with adequate software security skills, it is good computing habit to regularly download and install software updates, if you notice that you've not received an automatic update in a long time, make it your duty to manually search and be sure you are not missing any update.? It has been proven that if you take software updates seriously, you will reduce your chance of getting breached significantly.
Being in the business of software development as thought me that it is better to be safe than sorry, this is why a good software development team should test the products they build for vulnerability before it is deployed, and the security management of a software product should also continue throughout the life span of the product - Hence the compulsory release of security patches when necessary.
Continue to be the best in whatever you do.
Thanks and Stay blessed.
Stephen Adetutu Oniya | Director & Lead Developer | Softcity Group | Call Me +234(0)8092822229 | www.softcitygroup.com