What is a Zero-Day Threat?
The term “zero-day threat” may sound like the title of a hit film, but it’s definitely not that kind of thriller. A zero-day threat or attack is an unknown vulnerability in your computer or mobile device’s software or hardware. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a security vendors’ awareness of the exploit or bug. This often means there is no known immediate security because software or hardware manufacturers are just learning of the vulnerability and have had zero days to address and patch the vulnerability. It’s like discovering a new species in the wild. It’s brand new and might not even have a name yet.
In the past the viruses that the hackers released were meant to cause annoyance and disruptions and were done for notoriety and fun. They could do a number of different things to wreak havoc on your computer from scrolling profanity across the screen, or crashing it, but mostly it could be a pain and a huge time sink.
Nowadays, with the proliferation of malware, hackers have developed much more sophisticated ways to trick you. But the main difference now is that hackers are using malware and viruses as a way to make a profit, whether that is by holding your device and data hostage, or tricking you into revealing your personal information so the hacker can access your financial accounts.
That’s what makes zero-day threats so dangerous for us today. Hackers can exploit zero-day vulnerabilities through different means, but traditionally web browsers have been the most common, due to their popularity. Attackers also send emails with attachments or you might click a link in the body of an email that automatically downloads malware. All of these could now be putting you at risk.
So what can you do to protect yourself? Studies have shown that while zero-day attacks make us all vulnerable, where they are most dangerous is long after a security patch is made available–because not everyone updates their systems. Here are some tips to help you stay protected:
- Update your browser, operating system and applications – Patches fix the vulnerabilities in your software and operating systems, strengthening your resistance to malware.
- Use only essential applications – The more software you have, the more vulnerabilities you have. You can reduce the risk to your network by using a minimum of applications.
- Don’t click on links in attachments – This is a good rule of thumb in general, but it can definitely help you protect against zero-day attacks.
- Be careful what sites you visit – Use a safe search tool, like McAfee® SiteAdvisor® which comes with all McAfee security products that will warn you of risky sites in our browser search results and prevent you from going to malicious sites.
- Make sure all your devices are protected – Invest in a comprehensive security solution like McAfee LiveSafe™ service that includes antivirus, but also protects the identity and data of you and your kids for ALL your devices.
We all need to be vigilant in our fight against cybercrime. Stay safe!
Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.