Fraud Alert: Zero-day Exploits & Havoc
I love watching some interesting web series and films. While Bollywood produces a large number of films, the majority stick to stereotyped love stories and a few like to dig into the past. I skip most of these and prefer to watch English and, yes, Malayalam movies. The reason is simple. Many English language movies and web series (from the US, UK, Australia and New Zealand) and some Malayalam movies deal with diverse subjects, including psychological thrillers and tech-based plots. (I would recommend some good tech-based Malayalam films like Keedam, I am Kathalan, Operation Java and Kishkindha Kaandam, a mystery thriller). 
 
Last month, Netflix featured Zero Day, a six-episode thriller starring Robert De Niro as George Mullen, a former US president. Zero Day delves into contemporary issues such as cyberterrorism, the fragility of digital infrastructure and the complexities of discerning truth in an age dominated by misinformation and conspiracy theories. 
 
From a cybersecurity perspective, Zero Day taps into some pretty realistic and thought-provoking themes. The series portrays a cyberattack carried out using a zero-day vulnerability, resulting in widespread casualties, emphasising how vulnerable essential services like power grids and transportation are to cyber intrusions. The catastrophic cyberattack that cripples critical infrastructure in the web series is not unlike real-world cyber threats. 
 
Remember the 2015 and 2016 attacks on Ukraine's power grid, the Colonial Pipeline ransomware incident in 2021, or the Pegasus penetration of iPhones using a zero-click exploit in 2023?
 
On 2 July 2021, REvil, a notorious Russian-speaking ransomware group, exploited vulnerabilities in Kaseya Virtual System Administrator (VSA), a popular IT management and remote monitoring software. The attackers demanded a US$70mn (million) ransom for a universal decryption key, though they later reduced it to US$50mn. Kaseya quickly shut down VSA servers and worked with the FBI and cybersecurity experts to investigate. On 22 July 2021, Kaseya obtained a universal decryption key from a trusted third party and distributed it to affected customers. Interestingly, REvil mysteriously disappeared from the dark web shortly after the attack, leaving questions about whether law enforcement or rival hackers were involved.
 
Considering these real-life incidents, the premise of Zero Day from Netflix is not far from reality, as nation-states and cybercriminals continue to develop sophisticated attacks targeting critical infrastructure. While Zero Day might exaggerate for dramatic effect, it is a timely reminder that cybersecurity is not just a technical issue but a societal and political one as well.
 
Zero-day attacks are a genuine threat—and they can affect anyone, from large enterprises to everyday users. These attacks enable hackers to infiltrate systems without detection, steal sensitive data, disrupt business operations, and even cause financial or physical harm. Whether it is ransomware locking personal files or spyware monitoring your activities, the consequences of zero-day exploits extend well beyond large organisations and make awareness and prevention essential for everyone.
 
What Is a Zero-day Vulnerability?
A zero-day vulnerability is a software or hardware security flaw unknown to the vendor or developer. As the developer or vendor has not discovered or fixed the issue, cybercriminals can exploit it to carry out attacks before a patch or update is available.
 
The term 'zero-day' comes from the fact that developers have had zero days (read: very short time) to fix the vulnerability once it becomes known or exploited. 
 
Attackers use zero-day exploits to take advantage of these weaknesses, often resulting in the theft or leakage of data such as personal and financial information, the takeover of devices or networks, the installation of malware such as ransomware or spyware, the disruption of services and the disabling of critical infrastructure.
 
Protecting against zero-day attacks is challenging since cybercriminals exploit vulnerabilities not even known to the developers or vendors. 
 
This means that there is no complete protection against zero-day attacks. However, implementing strong cybersecurity practices can significantly reduce the risk.
 
Why Should This Interest You?
Common users often think they are not targets of zero-day attacks, but cybercriminals frequently exploit any vulnerability they can find, regardless of who it affects. 
 
Zero-day vulnerabilities can allow hackers to steal personal information like login credentials, financial data, or private messages. This could lead to identity theft or financial fraud.
 
Attackers can exploit zero-day flaws to take control of your devices—be it a smartphone, computer, or smart home gadget. They might install spyware, ransomware, or other malicious software without you even knowing. 
 
Zero-day exploits can give hackers access to your camera, microphone, or stored data, compromising your privacy and exposing sensitive information. Remember Pegasus?
 
If a zero-day vulnerability leads to ransomware, your files could be encrypted, demanding a ransom to unlock them. Even if you don't pay, recovering data and restoring systems can be time-consuming and costly.
 
Even if your device is not directly attacked, zero-day vulnerabilities in services you use, like social media, banking apps, or cloud storage, can still put your data at risk.
 
Here are a few suggestions to protect yourself from zero-day attacks...
 
1. Keep software updated
Regularly update operating systems, applications, and firmware to ensure you have the latest security patches.
Enable automatic updates wherever possible to minimise gaps.
Prioritise patch management to quickly address known vulnerabilities.
 
2. Use robust security software
Install a reputable antivirus or internet security suite that includes real-time protection.
Enable automatic virus definition updates to stay protected against the latest threats.
 
3. Be cautious while opening links and downloading files
Never download attachments or click on links from unknown or suspicious sources.
Even if an email looks legitimate, double-check the sender's address and be wary of unexpected attachments.
Avoid downloading cracked software or apps from unofficial websites.
 
4. Use multi-factor authentication (MFA)
Enable MFA on your accounts, such as email, banking, and social media, to add an extra layer of security. Consider using the authenticator apps from Google or Microsoft.
Even if attackers get your password, they will still need a second factor to access your account.
 
5. Install browser extensions for security
Use extensions that block malicious sites and phishing attempts, like uBlock Origin or HTTPS Everywhere.
Enable your browser's built-in security settings and block pop-ups.
 
6. Regularly back up critical and important data
Use cloud backups or external drives to keep copies of all your important and critical files.
This way, if your system gets compromised, you can restore your data without paying ransom or losing valuable information.
 
7. Be wary of social engineering
Think twice before sharing personal information, especially if someone contacts you unexpectedly.
Remember, legitimate companies will never ask for your login details, password or one-time passcode (OTP) via email or phone.
 
8. Use strong, unique passwords
Create and use unique passwords for each account. You can also use a password manager. 
Avoid using the same password across multiple sites.
 
By following these simple steps, you can significantly reduce your chances of falling victim to zero-day attacks. 
 
Remember, zero-day vulnerabilities may sound like something from a Hollywood thriller, but they are a real and ongoing cybersecurity challenge. The good news is that you can significantly reduce your risk by staying informed, keeping your software up to date, and following smart online habits.
 
Stay Alert, Stay Safe!