What the Heck are Zero-Day Attacks? (And 3 Ways to Avoid Them)

If you look for the term zero-day attack in your home dictionary, you probably won’t find it.

Go ahead and check…I’ll wait.

You might not even find the term in some online dictionaries (though to be fair, it does appear in others.).

Nevertheless, if you google the term, you’ll find thousands of references to it, many of them from mainstream sources including Forbes, Time, and USA Today. So what’s the deal? If the term is so important, why isn’t in the dictionary yet?

As with so many computer-related terms, the phrase zero-day attack has recently crept into the lexicon of the common person, after being used by technical types for more than a decade. Also known as 0day attacks, zero-hour attacks and 0hour attacks, these are attacks that exploit a vulnerability in a computer application or program.

A vulnerability, by the way, is simply an error in a software that could be exploited. It isn’t a problem in itself, and it isn’t something that stops an application or program from working properly. However, if a vulnerability is discovered by a hacker, and if the hacker uses the vulnerability to conduct nefarious activities, then the moment these nefarious activities are discovered, it is known as a zero-day attack.

Hackers look for vulnerabilities that they can exploit.

Hackers look for vulnerabilities that they can exploit.

The term zero-day stems from the fact that developers have had zero time to defend their software against the attack. From the moment it is revealed, developers must work quickly to fix the vulnerability and stop the damage from spreading.

There are several related terms, by the way, including zero-day vulnerability (a vulnerability that has been revealed to the public at large – including both hackers and developers – and could lead to a zero-day attack unless fixed) and a zero-day exploit (an effort by a hacker to exploit a vulnerability on the same day that it is revealed to the public). Prior to these zero-day events, developers have had zero time to do anything. Once the vulnerability is revealed, developers are pressed to find fixes (known as patches) before exploitation can occur.

A Short History of Zero-Day Attacks

There have been scores of reports about zero-day vulnerabilities, exploits, and out-and-out attacks in the news recently. After all, that’s why you’re reading this blog right? Some major zero-day events include the following.

If that looks like a worrisome shopping list of trouble – it is. And experts warn that things are getting worse. From 2006 to 2012, the number of zero-day attacks varied between 8 and 14 each year. By 2014, the number had increased to 25.

Things aren’t getting better because the business of hacking people’s computers is becoming increasingly lucrative. Indeed, there is a serious underground market for buying and selling knowledge about vulnerabilities. This knowledge, when purchased by software developers, can enable vulnerabilities to be repaired without any damage to the software, its users, or a company’s reputation. However, if this knowledge is sold to bad guys, the vulnerability can be used to cause extensive and wide-ranging damage.

3 Ways to Avoid Zero-Day Attacks

You don’t need to be an IT expert to protect yourself against zero-day attacks. Just by reading this blog, in fact, you’re one step closer to protecting yourself. Because the more you know about dangers on the internet, the better you’ll be able to protect yourself.

Update your Antivirus

Choose a top-notch antivirus that protects against both known and unknown threats.

1. Use a top-notch antivirus.
The first thing you can do is get yourself an excellent antivirus. Make sure the antivirus you choose doesn’t just protect against known threats, since zero-day attacks are, by definitions, attacks that were not known just one day earlier. So when you choose your antivirus software, make sure it protects you from both known and unknown attacks. At ZoneAlarm, we call this process Threat Emulation, and it means email attachments and downloads are tested for threats in a safe, cloud-based environment before being allowed to enter your computer.

 

2. Update your software.
Another important way of protecting yourself against zero-day attacks is to make sure that you use the most updated version of your software. If software you trust sends you a notice to update your version, do it. If the software update explains that this a critical update (it may be referred to as a “critical security release” or similar), believe them. The update may include a patch to a recently discovered vulnerability. By updating your software, you immunize yourself against possible future infections through that vulnerability.

Many software vendors automatically update your software for you. Windows, for example, automatically installs important and recommended updates to your Windows software. While it is possible to turn off these automatic updates, it is highly recommended that you don’t, as they protect you from potentially dangerous security and reliability issues.

3. Use only updated browsers.
Firefox, Chrome and Internet Explorer all push out automatic updates of their browsers on a regular basis. These updates, which often include patches to newly discovered vulnerabilities, generally take place in the background. The updates are installed when you close and reopen your browser, and won’t disturb your use of the browser at all.

If you’ve left your browser open for several days, you might see your browser prompt you to update manually. For example, in Chrome, you’ll see the colors of the Chrome menu in the top right corner switch to green, orange or red. This is a subtle reminder to update your Chrome browser, and this can be done through the Chrome menu. Make sure you click Restart afterwards so the changes are applied.

An ounce of prevention…

Protecting yourself online isn’t much different from protecting yourself in other aspects of life.
You buckle up your safety belt BEFORE you start driving.
You buy travel insurance BEFORE you board the plane.
You set your alarm clock BEFORE your 9 a.m. job interview.

When it comes to the internet, protecting yourself from online threats also requires advance planning. Make sure your antivirus is powerful and up-to-date. Make sure your browsers and software are up-to-date.

What precautions do you take in your online life to prevent unseen hazards?

 

9 Ways to Avoid Online Shopping Traps (Just in Time for Mother’s Day)

 

So it’s a week or so before Mother’s Day and you’re thinking about what to get for your mom. Buy her a book on Amazon? Send her a bouquet of flowers via an online florist? Buy tickets online for an upcoming show?

If you’re like millions of sons and daughters, you’ll probably shop for your mother online this year. It’s a great convenience, that’s true, but it also poses hazards. After all, though online shopping is handy, it can lead to trouble.

The potential dangers of online shopping certainly don’t mean your mother should be deprived of a gift this year. Heaven forbid! And they also don’t mean you need to drive cross-country to drop off your gift in person (though she might appreciate that). What they do mean is that if you want to shop online and not get burned, you need to take some precautions.

Here are 9 ways to avoid online shopping traps – just in time for Mother’s Day. Of course, we recommend keeping these tips in mind all year long – your mother will be glad you did!

1. Use common sense.

If the site you are surfing on doesn’t look 100% right, assume that it’s not. It’s better to err on the side of caution then be stuck with a bill for an item that never came, was half the advertised size, or twice the advertised price.

If you’re surfing on a site that has bad spelling, sketchy images, poor logos, too many requests for personal information, or is offering a deal that seems too good to be true, surf away. We promise, there are plenty of other shops online.

2. Buy from retailers you know and trust.

Think twice before trying out an unfamiliar online shop for your Mother’s Day shopping (or at any holiday really). There are so many well-known online shops, and when you buy from these shops, you know they have a reputation to maintain. If anything goes wrong, they will be there to stand by their products and help you out.

Even if this means resisting what seems like a really good deal, or paying a slightly higher price to shop from a brand you know and trust, it’s worth it – especially when your mother’s gift is riding on it.

Flowers are a great Mother's Day gift.

Want your Mother’s Day flowers to arrive? Order from a trusted and reputable site.

The extra money you may spend shopping somewhere you know is worth avoiding the potential hassle you may find you have on your hands if the product you buy is of a lesser quality than you expected, not as cheap as you expected (look for hidden shipping charges), or worse still – completely fraudulent.

3. Don’t click on suspicious emails.

Chances are good that you’ve already got at least a dozen Mother’s Day emails in your inbox. These emails are probably pitching an incredible range of great deals for Mother’s Day, everything from flowers and chocolates to jewelry and mobile devices. Most of these emails probably include at least a couple of links that shout Save MoreSave Now, or better yet, Save 50%.

Though some of these emails may very well be offering real deals that your mother will love, others may be malicious. Links in malicious emails may be used to install bad bits of software onto your computer. Other links may send you to fraudulent sites that aim to obtain your credit card details without providing real products. These sites may look good – they may contain multiple pages and lots of nice pictures – but keep in mind that they could have been set up for the primary purpose of collecting your personal information.

Watch out for Phishing Emails and Websites

Phishing emails and websites have one goal – to trick you into revealing your credit card details.

So how can you protect yourself from email offers that end up delivering more than you bargained for? Your best defense is a good offense. First, take a close look at the email. Is everything spelled correctly? Do the images look good? Is there a logical reason why you’re receiving the email (i.e., do you remember signing up for such an email?)

If you answer ‘No’ to any of these questions, delete the email right away. Another way of verifying the legitimacy of an email offer without clicking on the link is by opening a new tab on your browser and typing in the URL of the company which sent you the email. If you reach a legitimate-looking website, look around to find evidence of the deal you’ve received by email.

If you can find the deal directly on the website, buy it there. If you can’t find the deal on the website but still want to believe it’s true, contact the company via email or telephone and ask a representative.

4. Never use public WiFi to shop online.

You may want to buy mom the album that’s playing at the local Starbucks while you’re at the Starbucks, but whatever you do, don’t shop using public WiFi.

When you send private information such as credit card numbers across public WiFi, everyone else using the network can also access that information if they want to. So why tempt them?

Always use a secure network to shop online. Always. So if you’re in a Starbucks and want to shop using your mobile phone or laptop, make sure you use a mobile VPN for safe shopping. If you can’t get a secure network for shopping, don’t. Either wait until you get home to shop on your private home network, or buy a gift card from the cashier using your credit card. Mom can still get the gift via the internet, and you won’t have to risk your personal information to send it.

5. Look for safety symbols before you buy.

If you do eventually reach the online checkout (assuming we haven’t scared you off already) take another moment before you reach for your credit card and look at the URL of the website. Does it start with HTTPS? Is there a padlock icon in the browser status bar or at the bottom of the web browser? Do you see the words Secure Sockets Layer (SSL) on the page?

If the answer is yes to any or all of these questions, then you are on a secure website (the “s” in HTTPS stands for secure). That means the network is encrypting your information. Encryption means that only you and the merchant can view the payment data. If you don’t see any of these security signs, walk away. Or in this case, surf away. The lack of these signs means the site isn’t secure, and that means your purchase details could be open to hackers. Just choose another site. We promise – there are thousands of safe sites that have just the right gift for mom.

6. Purchase with credit cards rather than debit cards.

Debits cards may be handy at gas stations and convenience stores, but they are not handy online. Debit cards offer direct access to your bank account. This means that if hackers get a hold of your debit card details, it’s kind of like writing them an open check.

Furthermore, credit card companies in many countries (the UK, for example) are legally obliged to protect consumers from online fraud. In other words, if your credit card is hacked and used for purchases that you don’t authorize, your credit card company may have to cover the fraudulent charges.

Credit card companies protect their own interests by using sophisticated software to detect unusual behavior on their customers’ accounts. This means that if a credit company notices that you’ve been making uncharacteristic or illogical purchases (for example, filling several tanks of gas in quick succession, or buying very expensive products that you’ve never bought before), they might block the card until they confirm with you personally that you meant to make these purchases.

Debit cards don’t offer such protections. This means that once someone accesses your debit card, they could theoretically use it until your account is drained, or until you notice.

7. Choose disposable credit cards rather than regular ones.

Disposable credit cards are even better than regular credit cards, since if they are hacked, you don’t have the headache of canceling your regular cards.

Disposable credit cards are a lot like gift cards. You simply place a specific amount of money on the card and then use it to make your online purchases. The card can only be used until the money you placed on it is used up. In other words, even if the details of a disposable credit card get hacked, the hackers only gain access to the amount of money you’ve put on the card.

8. Keep your receipts.

Receipts are just as important in the world of online shopping as they are in the mall, if not more so.  You never know when you may need a receipt, so make sure you keep it. When you purchase items online, you usually receive an order number and receipt, both at the website where you shopped and in your personal email. Make sure you keep these documents (and make sure they don’t go into your spam folder) as you may need them in the future.

Also, when your credit card statement comes is, double-check the purchase to make sure it’s correct.

9. Protection is the best form of prevention.

Your mother may have been telling you this old adage (albeit in reverse) for years, but it still remains 100% true. The safety of your online shopping transactions is directly related to the safety of your own computer.  And this relates to how well your computer is protected from malware, viruses and more. So make sure your personal computer is protected with the latest antivirus and firewall, critical tools for keeping you safe from online threats. Not only is this important for your own computer, but you know what? In a pinch, it could even be a Mother’s Day gift (though the mothers we know would probably prefer flowers.)

What’s your top tip for online shopping safety?

Don’t Let Your PC Get Held For Ransom

RANSOMWARE_header
“Ransom” may elicit a vision of ships, pirates, and hostages. And while ransoms do take place in dangerous parts of the world, certain forms of ransoms are a lot closer to home. We’re talking about ransomware, malware that holds your computer for ransom and demands some amount of money, to be paid to “unlock” it.
Continue Reading… Don’t Let Your PC Get Held For Ransom

Online Threats 101

header image
The Internet has proven to be a powerful and useful tool for billions of people worldwide. However, in the same way that you shouldn’t leave your house unlocked, you shouldn’t venture online without taking some basic precautions. Where do you start? Learn more about online threats and ways to protect yourself.
Continue reading…Online Threats 101