Zero-day
The Kill Chain is the cybercrime thriller from Scotland’s newest writer, GJ Scobie, which is due to be published by Darkstroke on the 16th July 2022. This blog post is one in a series called Facts behind the Fiction, in which I take an aspect of the plot and provide factual background material, giving an insight into the real world of cyber security and those who work tirelessly to defend our networks and data.
So, what is a Zero-day?
The term describes a cyber attack for which, at the moment it is discovered or becomes known, no security fix or patch is publicly available to download and use. A Zero-day vulnerability in computer hardware or software is exploited by hackers to compromise affected systems and data, in the knowledge that at the time of the initial attack the targets are wide open. This can have devastating consequences for those targeted.
A major concern over a Zero-day exploit is not knowing initially how long the hackers have known about it, or for how long they have been utilising it. Hackers could have been inside a computer network for years, taking advantage of a Zero-day vulnerability, before they are discovered or decide to announce their presence. During this time, they could have stolen and encrypted data, exploited user accounts and left backdoors and malware to trigger at a later date. Once the intrusion is discovered, the targeted site has the difficult task of ensuring that it can remove the hackers from the network, as they have most likely set themselves up another route back in should they be discovered.
When a Zero-day vulnerability and its exploit become publicly known, the company that owns the affected software or hardware will move quickly to provide a security fix or patch to protect vulnerable systems. They will also be looking at the exploit to see whether something can be done to mitigate the attack as soon as possible. Sometimes, a change in the existing configuration of affected systems can be enough to provide protection against attack. Depending on the nature and circumstances of the Zero-day, there may be no option but to prevent affected systems from being visible to the internet until such time as a fix becomes available.
In April 2022, reports from both Mandiant and Google indicated that Zero-day vulnerabilities more than doubled during 2021. Due to the complexity of interconnected systems and software, it is a fair bet that this type of attack is here to stay.
Next time, sleepers.