A zero day is a computer software vulnerability either known to those who should be interested in its mitigation or known and without a patch to correct it. Until the vulnerability is mitigate hackers can affect programs, data, additional computers or network.
An exploit directed at zero day is called a zero day attack or zero day exploit. Zero day sometimes written as 0-day.
“Zero-day” is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it.
The words vulnerability, exploit, and attack are typically used alongside zero-day, and it’s helpful to understand the difference:
- A zero-day vulnerability is a software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed.
- A zero-day exploit is the method hackers use to attack systems with a previously unidentified vulnerability.
- A zero-day attack is the use of a zero-day exploit to cause damage to or steal data from a system affected by a vulnerability.
How do zero day attacks work
Software often has security vulnerabilities that hackers can exploit to cause havoc. Software developers are always looking out for vulnerabilities to “patch” – that is, develop a solution that they release in a new update.
However, sometimes hackers or malicious actors spot the vulnerability before the software developers do. While the vulnerability is still open, attackers can write and implement a code to take advantage of it. This is known as exploit code.
The exploit code may lead to the software users being victimized – for example, through identity theft or other forms of cybercrime. Once attackers identify a zero-day vulnerability, they need a way of reaching the vulnerable system. They often do this through a socially engineered email – i.e., an email or other message that is supposedly from a known or legitimate correspondent but is actually from an attacker. The message tries to convince a user to perform an action like opening a file or visiting a malicious website. Doing so downloads the attacker’s malware, which infiltrates the user’s files and steals confidential data.
When a vulnerability becomes known, the developers try to patch it to stop the attack. However, security vulnerabilities are often not discovered straight away. It can sometimes take days, weeks, or even months before developers identify the vulnerability that led to the attack. And even once a zero-day patch is released, not all users are quick to implement it. In recent years, hackers have been faster at exploiting vulnerabilities soon after discovery.
Exploits can be sold on dark-web for large sums of money. Once an exploit is discovered and patched, it’s no longer referred to as a zero-day threat.
Zero-day attacks are especially dangerous because the only people who know about them are the attackers themselves. Once they have infiltrated a network, criminals can either attack immediately or sit and wait for the most advantageous time to do so.
Who carries out zero day attacks
Malicious actors who carry out zero-day attacks fall into different categories, depending on their motivation. For example:
- Cybercriminals – hackers whose motivation is usually financial gain.
- Hacktivists – hackers motivated by a political or social cause who want the attacks to be visible to draw attention to their cause.
- Corporate espionage – hackers who spy on companies to gain information about them.
- Cyberwarfare – countries or political actors spying on or attacking another country’s cyberinfrastructure.
Who are targets for zero day exploits
A zero-day hack can exploit vulnerabilities in a variety of systems, including:
- Operating systems
- Web browsers
- Office applications
- Open-source components
- Hardware and firmware
- Internet of things(IoT)
Even when attackers are not targeting specific individuals, large numbers of people can still be affected by zero-day attacks, usually as collateral damage. Non-targeted attacks aim to capture as many users as possible, meaning that the average user’s data could be affected.
Examples of Zero Day exploit
2021: Chrome zero-day vulnerability
A vulnerability was found in the popular video conferencing platform. This zero-day attack example involved hackers accessing a user’s PC remotely if they were running an older version of Windows. If the target was an administrator, the hacker could completely take over their machine and access all their files.
2020: Apple iOS
Apple’s iOS is often described as the most secure of the major smartphone platforms. However, in 2020, it fell victim to at least two sets of iOS zero-day vulnerabilities, including a zero-day bug that allowed attackers to compromise iPhones remotely.
How to be safe from zero day attack
For zero-day protection and to keep your computer and data safe, it’s essential for both individuals and organizations to follow cyber security best practices. This includes:
Keep all software and operating systems up to date. This is because the vendors include security patches to cover newly identified vulnerabilities in new releases. Keeping up to date ensures you are more secure.
Use only essential applications. The more software you have, the more potential vulnerabilities you have. You can reduce the risk to your network by using only the applications you need.
Use a firewall. A firewall plays an essential role in protecting your system against zero-day threats. You can ensure maximum protection by configuring it to allow only necessary transactions.
Within organizations, educate users. Many zero-day attacks capitalize on human error. Teaching employees and users good safety and security habits will help keep them safe online and protect organizations from zero-day exploits and other digital threats.