You may not think twice about the software you use to run your computers and devices, but behind the interface is highly complex code that may have taken a large team of developers years to write and finetune. Despite their best efforts, developers can miss software flaws. While some flaws only affect user experience, others are far more serious.
A zero-day flaw is any software vulnerability exploitable by hackers that doesn't have a patch yet. The software developers may either not know of the weakness, are developing a fix for it, or are ignoring it. As you can imagine, such a vulnerability can result in a critical cybersecurity breach.
Why is it called zero-day?
Many people want to know why experts call this type of computer exploit a zero-day vulnerability rather than anything else. Admittedly, there’s a bit of sarcasm behind the name. People in the computing world refer to it as a zero-day attack — because the software creators have zero days to respond after hackers have taken advantage of it. It’s sort of like shutting the barn door after the wolf has already been inside. Sure, you can prevent future attacks, but that's of little comfort to the missing sheep.
After the zero-day vulnerability is made public, it’s no longer a zero-day flaw — it’s just a vulnerability. Usually, manufacturers will burn the midnight oil to develop a patch to fix the weakness as soon as they know about it.
How are zero-day bugs discovered?
With manufacturers working overtime to minimize vulnerabilities, you'll notice your software updates pretty regularly. Sometimes security updates even release on the same day as the software debuts. While developers like to find security holes internally, they also don’t mind some outside help.
White hat hackers
White hat hacker is an archaic term for an ethical hacker. Companies hire such specialists to enhance network security. Identifying potential zero-day bugs can be part of the job.
Grey hat hackers
Grey hat hackers are like white hats, except they're not working in an official capacity. Such hackers may try to find zero-day bugs in hopes of landing a job with the company, gaining notoriety, or just for entertainment. A grey hat hacker never takes advantage of any flaws they discover. An example is when a hacker exploited a vulnerability in the cryptocurrency platform Poly Network to take $600 million worth of tokens before returning the sum.
Many software companies host hacking events and pay hackers cash and prizes for finding exploits. Here, hackers find flaws in operating systems, web browsers, and apps for mobile devices and computers. A recent and example of this is when two Dutch security specialists took home $200,000 for a Zoom zero-day discovery at Pwn2Own.
Researchers from cybersecurity companies like Malwarebytes look for exploits as part of their job. When researchers find an exploit before cybercriminals, they usually report it to the manufacturers before making it public. By giving manufacturers a head start, researchers can minimize the chances of hackers launching zero-day attacks.
How are zero-day attacks discovered?
A software user realizes that they’re the target of a zero-day attack when their system behaves unusually or when a hacker uses the exploit to drop threatening malware like ransomware. Researchers can also uncover a zero-day attack after an event. For example, after the state-sponsored Stuxnet attack on Iran, researchers worldwide realized it was a zero-day worm attack. Sometimes, a zero-day attack is recognized by a manufacturer after a client reports unusual activity.
Are zero-day attacks common?
Zero-day attacks like the Stuxnet worm strike have specific targets and don’t affect regular computer users. Meanwhile, reputable companies like Microsoft, Apple, and Google, usually fix zero-days as soon as possible to protect their reputations and their users. Often, a fix is out before the average user is affected. Still, zero-days shouldn’t be taken lightly because their impact can be seriously damaging.
How does a zero-day attack happen?
- Identification: Hackers find unreported vulnerabilities in software through testing or by shopping on black markets in the underbelly of the Internet like the Dark Web.
- Creation: Threat actors create kits, scripts, or processes that can exploit the newly found vulnerabilities.
- Intelligence: The attackers already have a target in mind or use tools like bots, probing, or scanners to find profitable targets with exploitable systems.
- Planning: Hackers gauge the strength and weaknesses of their target before launching an attack. They may use social engineering, spies, or any other tactic to infiltrate a system.
- Execution: With everything in place, the attackers deploy their malicious software and exploit the vulnerability.
How to mitigate zero-day attacks
Stopping attackers from exploiting unknown vulnerabilities to breach your system is undoubtedly challenging. It’s critical to close threat vectors that a threat actor can use to infiltrate your network with layers of protections and safer practices. Here are some tips that may help you detect and prevent unknown threats:
- Don’t use old software. Hackers can more easily create exploits for software that the vendor no longer supports.
- Use advanced antivirus tools that feature machine learning, behavioral detection, and exploit mitigation. Such features can help your cybersecurity tools stop threats with unknown signatures.
- In companies:
- Train employees to identify social engineering attacks like spear-phishing that hackers can use as an attack vector.
- Adopt Endpoint Detection and Response (EDR) solutions to monitor and secure your endpoints.
- Enhance network security with firewalls, private VPNs, and IPsec.
- Segment your networks with robust network access controls.
News on zero-days
- Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend
- Windows Installer vulnerability becomes actively exploited zero-day
- Patch now! FatPipe VPN zero-day actively exploited
- Patch now! Microsoft plugs actively exploited zero-days and other updates
- Google patches zero-day vulnerability, and others, in Android
- Patch now! Apache fixes zero-day vulnerability in HTTP Server
- Update now! Google Chrome fixes two in-the-wild zero-days
- Apple releases emergency update: Patch, but don’t panic
- HiveNightmare zero-day lets anyone be SYSTEM on Windows 10 and 11
- PrintNightmare 0-day can be used to take over Windows domain controllers
- Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw
- Zoom zero-day discovery makes calls safer, hackers $200,000 richer