Zero-day is the term for a vulnerability that attackers exploit before the software vendor has had any time to respond: the vendor has had "zero days" to patch it. Read on for an in-depth look at how zero-days give attackers a way into systems.
The definition of Zero-day
A zero-day attack occurs when a vulnerability is exploited before the developer of the affected software has had a chance to fix it: the developer has had zero days to prepare a patch. It is also written as 0-day.
Zero-day is often used in front of words like vulnerability, exploit and attack. These phrases refer to different aspects of the same thing:
- A zero-day vulnerability is the software flaw itself, discovered by an attacker before the developer of the software is aware of it. At that point no patch exists.
- A zero-day exploit is the method or code the attacker uses to take advantage of that vulnerability.
- A zero-day attack is the use of a zero-day exploit against a real target, typically to steal data from or damage a system affected by the vulnerability.
What is a zero-day attack and how does it work?
Almost all software has vulnerabilities, and attackers use them to attack businesses and individuals. Software developers continually look for such "holes" and close them in updates.
Sometimes attackers find a hole before the developers do. From that moment they can write code that triggers the vulnerability and gives them access or privileges the software was supposed to deny to outsiders. This is called exploit code.
The exploit code still has to reach a target. Most often it is delivered through social engineering, typically by email: the attacker impersonates someone the victim trusts and persuades them to open an attachment, click a link or hand over personal information. The attachment or link delivers the exploit and, with it, malware that gives the attacker a foothold in the software or system they are after. For the users affected, the result can be anything from stolen data to identity theft.
Once the developers learn of the hole, they work to patch it. Even when a patch is released quickly, not all users install it promptly, which leaves attackers a window in which the exploit still works against unpatched systems.
Vulnerabilities are not always discovered promptly either; days, weeks or even months can pass before anyone other than the attacker knows about them. Until then the attacker has free rein and can use the exploit against any vulnerable system.
Attackers can also sell the vulnerability or the exploit on dark-web markets for large sums, usually paid in cryptocurrency because it is harder to trace than a bank transfer. Note that the zero-day label only applies while the developer has no fix: once the vulnerability is known and a patch is available, later attacks are exploiting an unpatched system rather than a zero-day.
Zero-day attacks are especially dangerous because only the attackers know about the vulnerability, so there is neither a patch nor a detection signature for it. Once inside, they can install backdoors or further malware to keep their access. Having compromised a network, attackers can strike immediately or lie low and wait for the moment when an attack will do the most damage.
Who is executing zero-day attacks?
There are several different categories of attackers when it comes to zero-day attacks:
- Cybercriminals, whose motivation is mostly financial.
- Hacktivists, who are most often driven by a political agenda and want attention for their cause.
- Corporate espionage, where attackers monitor companies to gather confidential information about them.
- Cyber warfare, where nation states and political actors spy on or attack other countries' infrastructure.
Who are the victims of a zero-day attack?
There is no single group of companies or systems that can fall victim to a zero-day attack. Vulnerable components include operating systems, web browsers, hardware and firmware, and the like.
Potential victims of attacks are:
- People using vulnerable systems, such as browsers and operating systems
- People with access to company information and intangible assets
- Hardware devices and firmware
- Large companies and organisations
- Government agencies
- Political and national targets
It can also help to think of victims in terms of deliberate targets and incidental targets. Deliberate targets are valuable victims chosen in advance; these are typically large companies and organisations. Incidental targets are whichever vulnerable systems happen to get hit, because an attacker finds it easier to get into a system that already has holes in it.
How can you spot a zero-day attack?
Zero-day attacks come in many shapes and sizes, which is what makes them hard to spot. Organisations hit by one may notice unexpected traffic on their websites or unusual scanning activity coming from a customer, partner or service account.
One approach is signature-based: use existing databases of known malware and study how those samples operate. A zero-day exploit is new by definition, so it will not match an existing signature, but the malware it delivers often reuses components or techniques from older families, and those can still be recognised.
The other approach is behaviour-based: instead of asking what the code is, look at what it does. These techniques monitor the interactions between programs and the system (which processes start which, what they write to disk, where they connect) and flag sequences that look malicious. The more interactions that are examined, the higher the chance of catching an attack, including a zero-day attack for which no signature exists yet.
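To make the difference between the two approaches concrete, here is an added example (not code from the original article or from Moxso) that runs both checks over the same incident. The "malware database" is a constructed set of SHA-256 hashes, the payload is a constructed byte string that is deliberately absent from that database, and the process events are constructed sample telemetry for a malicious document that launches an encoded PowerShell stage; the suspicious parent/child pairs are an assumed, illustrative list rather than a complete ruleset.

```python
"""Signature-based vs. behaviour-based detection of a new payload.

Added example; not code from the original article or from Moxso. The
"malware database" is a constructed set of SHA-256 hashes, and the process
events are constructed sample telemetry, so everything runs offline.
"""
import hashlib

# Constructed stand-in for a signature database: hashes of samples seen before.
KNOWN_MALWARE_SHA256 = {
    hashlib.sha256(b"known-malware-sample-v1").hexdigest(),
    hashlib.sha256(b"known-malware-sample-v2").hexdigest(),
}

# Constructed "zero-day" payload: never seen before, so it has no signature.
NEW_PAYLOAD = b"brand-new-payload-no-signature-yet"

# Constructed process-creation telemetry from the infected host:
# (parent process, child process, command line). This is the kind of chain
# produced by a malicious Office document that launches an encoded
# PowerShell stage, which then loads a DLL from a world-writable folder.
SAMPLE_EVENTS = [
    ("explorer.exe", "winword.exe", "winword.exe invoice.docx"),
    ("winword.exe", "powershell.exe", "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATw..."),
    ("powershell.exe", "rundll32.exe", "rundll32 C:\\Users\\Public\\upd.dll,Run"),
    ("explorer.exe", "chrome.exe", "chrome.exe"),
]

# Assumed, illustrative list of parent/child pairs that are rarely legitimate:
# document viewers have no business launching script interpreters.
SUSPICIOUS_CHAINS = {
    ("winword.exe", "powershell.exe"),
    ("winword.exe", "cmd.exe"),
    ("excel.exe", "powershell.exe"),
    ("excel.exe", "cmd.exe"),
}


def signature_match(file_bytes: bytes) -> bool:
    """Signature check: is the file's hash in the known-malware database?"""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_MALWARE_SHA256


def behaviour_alerts(events):
    """Behaviour check: flag what the code does, not what it is.

    Returns one alert string per suspicious observation; works the same
    whether or not the payload itself is known.
    """
    alerts = []
    for parent, child, cmdline in events:
        lowered = cmdline.lower()
        if (parent, child) in SUSPICIOUS_CHAINS:
            alerts.append(f"office-app-spawns-script-host: {parent} -> {child}")
        # "-enc"/"-EncodedCommand" hides the script from casual inspection.
        if child == "powershell.exe" and any(
            tok in ("-enc", "-encodedcommand") for tok in lowered.split()
        ):
            alerts.append(f"encoded-powershell: {parent} -> {child}")
        # Loading a library from a world-writable folder is a classic
        # staging pattern for dropped malware.
        if child == "rundll32.exe" and "\\users\\public\\" in lowered:
            alerts.append(f"dll-from-public-folder: {cmdline}")
    return alerts


def analyse(file_bytes: bytes, events) -> dict:
    """Run both checks and report which one would have caught the attack."""
    hit = signature_match(file_bytes)
    alerts = behaviour_alerts(events)
    return {
        "signature_hit": hit,
        "behaviour_alerts": alerts,
        "detected": hit or bool(alerts),
    }


if __name__ == "__main__":
    # An old sample is caught by its hash alone.
    print("known sample:", analyse(b"known-malware-sample-v1", [])["signature_hit"])
    # The new payload has no signature, but the behaviour around it gives it away.
    result = analyse(NEW_PAYLOAD, SAMPLE_EVENTS)
    print("new payload signature hit:", result["signature_hit"])
    for alert in result["behaviour_alerts"]:
        print("behaviour alert:", alert)
```

The point of the example is the asymmetry: the hash lookup is cheap and precise but can only ever recognise something already in the database, whereas the behavioural rules never look at the payload at all and so still fire on a payload nobody has catalogued. In practice the two are layered, since behavioural rules trade that coverage for a higher false-positive rate and need tuning against what is normal on your own hosts.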
How can you defend against zero-day attacks?
There are several relatively easy things you can do to limit the chance and the impact of an attack:
- Keep all software up to date so you have the latest versions with patches for known security holes. Updates cannot cover a zero-day itself, but they remove the known holes attackers rely on alongside it and shorten the exposure window once a fix is released.
- Install only the applications and programs you actually need; every extra program is more code in which an attacker may find a hole.
- Use a firewall to limit which connections can reach your systems and which connections your software can open; this can block the delivery of an exploit or the malware's connection back to the attacker.
- Educate staff about malware and social engineering. Since most zero-day exploits are delivered by phishing, staff who recognise suspicious emails are a real line of defence.
- Use anti-virus or endpoint security software. Like a firewall, it protects you against known threats, and products with behaviour-based detection can also catch some attacks for which no signature exists yet.
Caroline Preisler
Caroline is a copywriter at Moxso alongside her studies. She is doing her Master's in English and specialises in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding, and these elements are incorporated into the copywriting work she does at Moxso.