
What are Zero-Day Threats

by Iwan Price-Evans on Security • April 29, 2022

Zero-day threats are known or unknown vulnerabilities in software or systems for which no mitigation is yet available. Cyberattacks can be targeted at these vulnerabilities, particularly once a vulnerability is publicly known. Such an attack is called a zero-day attack or zero-day exploit.

Zero-day threats are sometimes referred to as zero-hour threats. The 'zero' means that the developers have had zero days (or hours) to fix the flaw.

Zero-day threats / Zero-day vulnerabilities

Zero-day threats, or zero-day vulnerabilities, are created every day as the already vast number of technology applications and systems keeps growing. Software applications and operating systems are constantly updated, or patched, by their developers, who resolve vulnerabilities as they become known.

Zero-day exploits

Cybercriminals are always on the lookout for zero-day vulnerabilities that they can exploit. A zero-day exploit occurs when an attacker, having identified a zero-day vulnerability, takes advantage of it by launching a cyberattack.

Zero-day attacks

Zero-day attacks become known when a member of the public or the developer identifies them. Developers and cybersecurity teams will then rush to create a patch that mitigates the vulnerability.

How does a zero-day attack happen?

Vulnerabilities are flaws in software or hardware that have gone unnoticed by the developers. After the software or hardware is released, the vulnerability may remain unknown for any length of time: days, months, or even years.

Zero-day threats can come from any number of sources such as:

  • Authentication flaws
  • Broken algorithms
  • Unencrypted data
  • Weak passwords

As soon as an attacker identifies such a vulnerability, they will release malware designed to exploit it. They will rush to release the malware before the developer of the system has time to fix the vulnerability. The attacker will continue to exploit the vulnerability until the developer patches it, at which point it is no longer called a zero-day exploit.

Once the attacker's malware has been delivered to the vulnerable system, the attacker can potentially perform any number of malicious actions, which could include:

  • Stealing data
  • Controlling the device
  • Corrupting files
  • Installing spyware or other malware
  • Adding the device to a botnet

How to protect against zero-day threats

The nature of a zero-day threat is that it is not always identified until it has been exploited. So, to protect yourself against the possibility of a zero-day attack, you can make sure you are following best practices in your software and system maintenance: