What is a Zero-Day Exploit/Attack?
A zero-day exploit is what happens when an attacker takes advantage of a security flaw that its vendor has not yet fixed. The term "zero-day" refers to how long the vendor or developer has had to address the flaw: because it is unknown to them, or has only just been reported, they have had zero days to produce a patch. If an attacker exploits the flaw before a fix is available, a zero-day exploit or zero-day attack has occurred. The term is used for three related things:
Zero-day vulnerability. Also called a zero-day threat: a software flaw that the vendor or developer is unaware of, or has not yet fixed, so no patch exists.
Zero-day exploit. The code or technique attackers use to take advantage of such a vulnerability, often delivered by malware.
Zero-day attack. The use of a zero-day exploit against a target to cause damage or steal data.
Software often contains security vulnerabilities, and developers are continually looking for them and releasing security patches to fix them. Vulnerabilities include coding bugs such as memory-safety errors, logic flaws in authentication or access control, and broken or misused cryptographic algorithms; weaknesses such as unencrypted data and weak passwords are configuration problems rather than software flaws, but attackers exploit them in the same way.

If an attacker discovers a vulnerability before the developers do, they can write code that takes advantage of it, or buy such code on underground markets; this is called exploit code. Exploitation is the attacker's only window, because once the vendor learns of the flaw a patch is usually on its way, so exploits for unpatched flaws are valuable and are used carefully. Even after a patch ships, the same exploit keeps working against every system that has not applied it; at that point it is no longer a zero-day but an "n-day", and many real-world compromises use such already-known flaws.

Attackers commonly use the exploit to deliver malware. A frequent route is a socially engineered phishing email, in which the victim is tricked into believing they are acting on a request from a legitimate entity when it actually comes from the attacker. The victim clicks a link to a malicious website or opens a file with malicious content, the exploit runs, and the resulting malware gives the attacker access to the victim's data and files. What the attacker does next usually depends on their motive:
- Cybercriminals are often motivated by financial gain
- Hacktivists have political or social causes and are motivated to draw attention to them
- Corporate espionage attackers are motivated to gain information about a company through spying
- Cyberwarfare attackers are countries or independent political actors who are motivated to spy on or attack another country’s cyberinfrastructure as an act of war
The resulting attack can steal data, take remote control of devices, install additional malware, corrupt files, harvest contacts to send spam, or plant spyware that collects sensitive information. Common targets for zero-day exploits are operating systems, web browsers, office applications, hardware, firmware, open-source components, and IoT devices. To reduce your exposure to security vulnerabilities and zero-day exploits:
- Keep software up to date and install security patches as soon as they are released. A fix ends the zero-day, but the exploit keeps working against every system that has not applied it, so the patch lag is the part of the exposure you control.
- Limit installed applications: every additional application is additional attack surface and one more thing to keep patched.
- Use a firewall to restrict inbound connections and block suspicious activity. It cannot stop an exploit that arrives over an allowed channel such as a browser or email, but it limits what the attacker can reach afterwards.
- Educate yourself and your staff on security habits and cyber threats, especially how to recognise phishing, since that is how zero-day payloads are often delivered.
- Use antivirus or endpoint protection software. Signature-based detection only catches known threats; behaviour-based detection can catch some unknown ones, so treat it as one layer rather than the only control.
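The three definitions above and the advice to patch promptly both come down to timing: a flaw is a zero-day only while no vendor fix exists, and once a fix exists the remaining exposure is the gap until you apply it. The following added example (not code from the original page) classifies vulnerabilities by that timeline and measures the two exposure windows separately. The records, names and dates are constructed for illustration; they are not real CVE identifiers or incidents.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class VulnTimeline:
    name: str                        # hypothetical label, not a real CVE identifier
    first_exploited: Optional[date]  # first in-the-wild exploitation observed, if any
    patch_released: Optional[date]   # vendor fix available, if any
    patch_applied: Optional[date]    # fix deployed on our own systems, if done


def classify(v: VulnTimeline) -> str:
    """Label a vulnerability from the defender's point of view.

    'zero-day'        exploitation began while no vendor fix existed
    'n-day'           a fix existed, but exploitation began before we applied it
    'patched in time' we applied the fix before exploitation was seen
    'not exploited'   no in-the-wild exploitation known
    """
    if v.first_exploited is None:
        return "not exploited"
    if v.patch_released is None or v.first_exploited < v.patch_released:
        return "zero-day"
    if v.patch_applied is None or v.first_exploited < v.patch_applied:
        return "n-day"
    return "patched in time"


def exposure_windows(v: VulnTimeline, today: date) -> dict:
    """Days of exposure, split into the two periods that matter.

    zero_day_window: exploitation ongoing with no fix available (only the vendor can shorten this)
    patch_lag:       a fix was available but not yet applied on our systems (we control this)
    Open-ended periods are measured up to `today`.
    """
    zero_day_window = 0
    if v.first_exploited is not None:
        end = v.patch_released or today
        zero_day_window = max(0, (end - v.first_exploited).days)
    patch_lag = 0
    if v.patch_released is not None:
        end = v.patch_applied or today
        patch_lag = max(0, (end - v.patch_released).days)
    return {"zero_day_window": zero_day_window, "patch_lag": patch_lag}


# Constructed sample data (hypothetical names and dates, for illustration only).
TODAY = date(2024, 6, 1)
SAMPLE = [
    # exploited 19 days before the vendor shipped a fix; we applied it 2 days later
    VulnTimeline("browser-flaw-A", date(2024, 3, 1), date(2024, 3, 20), date(2024, 3, 22)),
    # fix existed on 1 Feb, exploitation seen 15 Feb, we only patched on 1 Mar: an n-day
    VulnTimeline("office-flaw-B", date(2024, 2, 15), date(2024, 2, 1), date(2024, 3, 1)),
    # fix available since 1 May, still not applied, no exploitation known yet
    VulnTimeline("firmware-flaw-C", None, date(2024, 5, 1), None),
    # exploited in the wild, no vendor fix at all so far
    VulnTimeline("iot-flaw-D", date(2024, 4, 1), None, None),
]


def report(records=SAMPLE, today=TODAY):
    """Return (name, classification, exposure windows) for each record."""
    return [(v.name, classify(v), exposure_windows(v, today)) for v in records]


if __name__ == "__main__":
    for name, label, win in report():
        print(f"{name:16} {label:15} no-fix window: {win['zero_day_window']:3d} days"
              f"  patch lag: {win['patch_lag']:3d} days")
```

Running it shows why the distinction matters: for browser-flaw-A the 19-day window was entirely the vendor's, whereas for office-flaw-B every one of the 29 exposed days was patch lag on the defender's side, which is the part the "patch promptly" advice addresses.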