WatchGuard Blog

What to expect from a zero-click attack

We hear time and time again that humans are the biggest vulnerability in cybersecurity. For instance, the 2023 Verizon Data Breach Investigations Report (DBIR) states that 74% of data breaches investigated were caused by human error, such as social engineering attacks, flaws or misuse of systems.

Recently a different type of threat known as zero-click malware has gained prominence and what sets this insidious type of malware apart is that does not require user interaction and can silently compromise devices and networks.

What are zero-click attacks?

Zero-click hacks differ from other cyberattacks in that they do not require any participation from the target user. These attacks can infect a device without the user clicking on a malicious link, opening an attachment or installing an unwanted program. They are particularly dangerous because they are difficult to detect and prevent plus they enable hackers to stay in a system for a prolonged time period, exfiltrating data, eavesdropping on communications or planning new offensives. How do these attacks occur? Zero-click hacks follow the following steps:

  • Cybercriminals exploit vulnerabilities in applications and operating systems.
  • Malicious code is easily hidden in emails, text messages, PDF files, images and text.
  • Once they gain access, the code is activated and infects the device with spyware to access data on the device, including sensitive emails, phone calls, text messages, system logins and more.

Recently, a critical vulnerability was found in more than 5,300 GitLab instances exposed on the Internet. This flaw allowed threat actors to send password reset emails for a specific account to an email address controlled by them. They then changed the password and took control of the account. Although this flaw did not enable hackers to get round two-factor authentication (2FA), it was a significant threat to accounts that were not protected by this additional security mechanism.

In December 2023, researchers discovered two security vulnerabilities in Microsoft Outlook which, once combined, enabled cybercriminals to execute arbitrary code on affected systems without requiring the user to click on anything. 

How can you protect yourself from a zero-click attack?

To defend yourself against zero-click malware, it’s important to adopt a proactive, multi-layered cybersecurity approach. The following strategies are recommended for this purpose:

  • Use MFA: MFA adds an extra layer of security that can safeguard against zero-click attacks. If an attacker obtains your credentials through a vulnerability in known software, this technology can prevent them from using those credentials to log into your accounts and carry out another type of attack. As in the GitLab attack, MFA can make a difference because the hacker would also need the second authentication factor to successfully continue the attack. 
  • Perform regular software updates and apply patches: To reduce the risk of zero-click hacks, it is crucial to keep software up to date and apply patches on a regular basis. Developers release updates frequently to address vulnerabilities, and users should install these updates in a timely manner to close potential entry points for attackers.
  • Implement advanced endpoint security: Advanced endpoint security solutions have the ability to detect and prevent zero-click attacks by analyzing system behavior, identifying anomalous activity and blocking attempts to execute suspicious code.
  • Segment networks: Segmenting networks allows for the isolation of critical segments by decreasing the lateral movement of malware and its potential negative impact. By establishing strict access controls based on user roles, it is possible to limit the damage in the event of a "zero-click" attack

If you want to learn more about how to defend against advanced threats, check out our blog post below: