Zero-day attacks pose a significant threat to the security of our information and systems. Unlike run-of-the-mill cyberattacks, zero-day attacks are especially dangerous because the attack is not yet known to security researchers. This means that signature-based detection mechanisms cannot identify these attacks and that routine patching of systems will not prevent a compromise. Fortunately, there are steps that colleges and universities can take to reduce their vulnerability to these insidious attacks.
What Is a Zero-Day Exploit?
Security researchers discover new vulnerabilities in operating systems, applications and devices every day. These vulnerabilities vary in severity, with some allowing attackers to gain limited access to information and others providing the opportunity for attackers to completely compromise a target system. When a researcher discovers one of these vulnerabilities, they have two major paths they can follow with that information: They may disclose it to the vendor to allow the vendor to prepare a security patch that corrects the issue or they may attempt to use that vulnerability to their own advantage, either by exploiting it themselves or selling it to the highest bidder.
A bleak situation arises when a hacker who discovers a new vulnerability chooses to use the information themselves or sell it to a nation-state or other entity. The vendor remains unaware of the vulnerability and therefore cannot issue a patch correcting the issue. This makes the exploit a particularly dangerous weapon, as it can then bypass traditional security controls that rely on identifying the signature activity of known attack patterns. In other words, the zero-day attack is an unknown attack that can slip through those mechanisms until it is eventually discovered.
What Do Zero-Day Vulnerabilities Mean for Higher Education?
Zero-day attacks aren’t new; they’ve posed a risk to cybersecurity programs for years. However, these attacks were traditionally the domain of sophisticated nation-state attackers who normally kept them as closely guarded secrets — only to be used against high-value targets. One example is the Stuxnet attack that the U.S. and Israeli governments allegedly waged against the Iranian nuclear program.
Times have changed, however, and the use of zero-day exploits is on the rise. Security researchers at Google recently tallied the public disclosure of 33 zero-day exploits during the first half of this year; only 22 were discovered in 2020.
Additionally, zero-day attacks are now targeting higher education institutions. Over the past year, the U.S. government has warned multiple times that foreign governments are targeting higher education systems to steal COVID-19 research and other types of intellectual property.
This spring, Microsoft reported that a zero-day attack against Microsoft Exchange Server was actively used by a “highly skilled and sophisticated” Chinese threat group against higher education institutions.
How Can Higher Ed Protect Itself From Zero-Day Attacks?
While zero-day attacks do pose a serious cybersecurity threat, the good news is that colleges and universities can take proactive measures now to bolster their defenses and reduce the likelihood that an attack succeeds. Here are some of the most important actions schools can take today to protect their systems, intellectual property and other sensitive information.
- Build a robust cybersecurity program. Cybersecurity controls do not function in isolation, and technical solutions do not provide protection without supporting mechanisms in place to tie them together. Colleges and universities should continue to invest in their cybersecurity teams and ensure that they have appropriate people, processes and policies in place to provide a comprehensive framework for their cybersecurity efforts.
- Conduct regular security assessments. Higher education campuses have some of the most complex technical environments in the world. They contain virtually every type of technology system imaginable, ranging from administrative enterprise resource planning and customer relationship management systems to sophisticated scientific research instruments and restaurant point-of-sale systems. This complexity creates target-rich environments for attackers seeking to gain a foothold on campus networks. Higher education technology leaders should work with internal teams and external vendors to conduct regular vulnerability assessments that identify weak points on their networks.
- Adopt a threat hunting philosophy. The sophistication of nation-state attackers and other advanced persistent threat groups requires a shift in the mindset of cybersecurity professionals. Rather than assuming that their networks are secure and dedicating their time to keeping intruders out, cybersecurity teams should now assume that attackers have compromised their networks and seek out indicators of their activity. This threat hunting approach identifies potential compromises, sharpens the skills of cybersecurity teams and bolsters institutional defenses against advanced threats.
- Deploy next-generation firewalls and intrusion prevention systems. While no technology is a silver bullet in the fight against zero-day attacks, modern cybersecurity solutions play a critical role in developing a robust defense against these threats. This includes the use of next-generation network security controls that incorporate real-time threat intelligence as they monitor traffic for signs of malicious activity. Next-generation firewalls block suspicious inbound connections before they reach a campus network, while next-generation intrusion prevention systems block suspicious activity that makes it through perimeter defenses.
- Reinforce endpoint security mechanisms. Faculty, staff and students work from remote locations more today than ever before. The laptops, smartphones and other mobile devices they carry with them often contain sensitive information and may create a pathway to other systems once they eventually reconnect to the campus network. Colleges and universities should upgrade their existing anti-malware defenses to incorporate advanced endpoint protection technology that monitors endpoint activity and defends against attacks wherever the devices operate. These modern solutions combine the signature detection technologies of traditional anti-virus software with advanced behavioral analysis capabilities that may detect zero-day attacks in progress.
- Prepare for a potential compromise. Higher education technology leaders must accept the fact that cybersecurity incidents are inevitable and plan for a rapid and comprehensive response to incidents when they occur. This includes developing contractual relationships with incident response firms that enable them to spring into immediate action when an attack strikes.
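The contrast the endpoint security point draws between signature detection and behavioral analysis, as an added Python example that is not part of the original article: a signature check only recognizes a binary whose hash has been seen before, so a never-before-seen sample passes it, while a behavioral rule over the same telemetry judges what the process does and can still flag it. All process names, thresholds and telemetry records are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed signature list: SHA-256 of placeholder bytes standing in for known malware.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-malware-sample").hexdigest()}
# Assumed, illustrative process-name lists and threshold for the behavioral rule.
DOCUMENT_HANDLERS = {"winword.exe", "acrord32.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}
OUTBOUND_HOST_THRESHOLD = 20  # distinct hosts contacted within one observation window

@dataclass
class ProcessEvent:
    """One constructed endpoint telemetry record."""
    pid: int
    parent: str          # image name of the parent process
    image: str           # image name of this process
    payload: bytes       # bytes of the launched executable
    outbound_hosts: int  # distinct hosts contacted within the window

def signature_verdict(ev):
    """Signature detection: true only if this exact binary has been seen before."""
    return hashlib.sha256(ev.payload).hexdigest() in KNOWN_BAD_SHA256

def behavioral_verdict(ev):
    """Behavioral analysis: judge what the process does, not which bytes it is."""
    reasons = []
    if ev.parent.lower() in DOCUMENT_HANDLERS and ev.image.lower() in SCRIPT_HOSTS:
        reasons.append("document handler spawned a script host")
    if ev.outbound_hosts >= OUTBOUND_HOST_THRESHOLD:
        reasons.append(f"{ev.outbound_hosts} distinct outbound hosts in one window")
    return reasons

def triage(events):
    """Per flagged pid, report which layer fired; events neither layer flags are dropped."""
    findings = {}
    for ev in events:
        sig, beh = signature_verdict(ev), behavioral_verdict(ev)
        if sig or beh:
            findings[ev.pid] = {"signature": sig, "behavior": beh}
    return findings

# Constructed telemetry: a known sample, a never-before-seen sample and a benign process.
SAMPLE_EVENTS = [
    ProcessEvent(101, "explorer.exe", "updater.exe", b"constructed-known-malware-sample", 1),
    ProcessEvent(202, "WINWORD.EXE", "powershell.exe", b"constructed-unseen-payload-v1", 37),
    ProcessEvent(303, "explorer.exe", "notepad.exe", b"constructed-benign-editor", 0),
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))  # pid 101 caught by signature, pid 202 by behavior only
```

Pid 202 is the zero-day case: its hash matches nothing, and only the behavioral layer surfaces it for the threat hunting team to review.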
The bottom line is that zero-day attacks pose a clear and present danger to the security of systems and information in higher education. Schools should continue to enhance their cybersecurity programs to protect themselves against these threats.