What are Zero-Day Threats?
by Iwan Price-Evans on Security • April 29, 2022
Zero-day threats are vulnerabilities in software or systems, whether already known or not yet discovered, for which no mitigation is available. Cyberattacks can be targeted at these vulnerabilities, particularly once the vulnerability is publicly known. Such an attack is called a zero-day attack or zero-day exploit.
Zero-day threats are sometimes referred to as zero-hour threats. The 'zero' means that the developers have zero days or hours to fix it.
Zero-day threats / Zero-day vulnerabilities
New zero-day threats, or zero-day vulnerabilities, appear every day as the vast number of technology applications and systems keeps growing. Software applications and operating systems are constantly updated, or patched, by their developers, who resolve vulnerabilities as they become known.
Cybercriminals are always on the lookout for zero-day vulnerabilities that they can exploit. A zero-day exploit occurs when an attacker who has identified a zero-day vulnerability launches a cyberattack that takes advantage of it.
Zero-day attacks become known when a member of the public or the developer identifies them. Developers and cybersecurity teams then rush to create a patch to mitigate the vulnerability.
How does a zero-day attack happen?
Vulnerabilities are flaws in software or hardware that have gone unnoticed by the developers. After the software or hardware is released, the vulnerability may remain unknown for any length of time: days, months, or even years.
Zero-day threats can come from any number of sources such as:
- Authentication flaws
- Broken algorithms
- Unencrypted data
- Weak passwords
As soon as an attacker identifies such a vulnerability, they will release malware designed to exploit it, rushing to do so before the developer of the system has time to fix the vulnerability. The attacker will continue to exploit the vulnerability until the developer patches it, at which point it is no longer called a zero-day exploit.
Once the attacker's malware is delivered to the vulnerable system they have the potential to perform any number of malicious actions which could include:
- Stealing data
- Controlling the device
- Corrupting files
- Installing spyware or other malware
- Adding the device to a botnet
How to protect against zero-day threats
The nature of a zero-day threat is that it is not always identified until it has already been exploited. So, to protect yourself against a potential zero-day attack, make sure you are following best practices in your software and system maintenance:
- Design secure applications following best practices
- Follow secure coding practices
- Test application security during development
- Always apply software and operating system updates, and turn on auto-update options
- Remove unused applications, because you are less likely to keep them updated, which increases your vulnerability
- Ensure you are running an up-to-date firewall and anti-virus/anti-malware software