You may have heard about zero-day exploits, but what are they, and why do they occur? An attack begins with a vulnerability that the manufacturer or vendor doesn’t know about. This flaw can be in software programs, operating systems, hardware devices, connected services, IoT devices, and more. When exploited by a hacker, these weaknesses can cause major problems for individuals and large corporations.
When a hacker learns of a vulnerability, they can create an exploit (malicious program) to take advantage of the flaw. When they run the exploit against the targeted system, it can be called a zero-day attack because the vendor didn’t know about it and its programmers had zero days to fix it.
It’s also possible that a potential hacker chooses to disclose the vulnerability to the manufacturer, usually in exchange for recognition, a bounty, or both.
Vulnerability: A hacker finds a vulnerability and doesn’t tell the vendor.
Exploit: The hacker creates a malicious program.
Attack: The hacker releases the program into the vulnerable system.
Day zero: The day the vendor finds the problem and starts working on a patch.
It all starts with a vulnerability
As mentioned above, a vulnerability is unknown to the developer or vendor. It’s a flaw inside software programs, hardware devices, connected services, or operating systems that allows an attacker to perform actions that are beyond the scope of their permissions. When this security hole remains unknown to the manufacturer or publisher, hackers can develop an exploit and use the flaw as an entry point to attack the vendor or its customers.
Until the vendor creates a patch to fix the flaw, it continues to be called a zero-day vulnerability. When it does become known by the vendor, they must work quickly to fix it to minimize any possible damage. Once a patch is created, it is no longer considered a zero-day.
EXAMPLE: Denny is a hacker who found a bug in the most current version of Apple’s iOS. No one, not even Apple, knows about the bug. He studies it to figure out a way to exploit it. Being able to break into iOS is a hacker’s dream because it could give them the power to take over an iPhone remotely without the owner’s permission, pinpoint the owner’s location, get access to telephone calls, read text messages, or spy on the owner with the iPhone camera and microphone.
What is the impact of the attack?
The damage an attack can cause is proportional to the type of victim that is affected. It could have a minor impact on a single individual that goes no further than one streaming account. Or it could have a major impact by targeting a corporate employee who has access to classified documents and compromise the entire corporate network.
Once the exploit is written, hackers can con people into downloading it by getting them to open an infected document in a phishing email or by visiting an infected website where the malicious zero-day exploit program automatically downloads to their system. Attacks can capture login credentials, access bank accounts, extract information needed for identity theft, install ransomware, or acquire personally identifiable information (PII).
Attacks can also:
Trick users into downloading an infected document that installs spyware
Gain access to corporate resources using the victim’s hijacked credentials
Elevate corporate permissions within a corporate network
Deface assets the victim may be an administrator for
Who is behind an attack, and why do they do it?
There are several different groups of people who routinely perform these kind of attacks:
Cyber warfare experts
Hackers for political causes (“hacktivists”)
The exploit can be sold on the dark web, to a broker, or to a spy agency or government to monitor their enemies (or even their citizens).
Why attacks are getting more common
Keeping corporate and personal systems safe and secure from hackers gets more challenging every day. Because of the proliferation of connected devices and the increase in distributed teams, attacks are no longer a rare occurrence. The increasing attack surface has led to an increase in known vulnerabilities over time, as shown by this data.
Hackers have many attack vectors to choose from. Many people own a smartphone, a laptop, and a tablet in addition to a work computer that they use remotely, and many companies manage multiple applications across their employee population. Because of this, staying protected from this kind of attack is difficult. Hackers are out there looking for vulnerabilities, and when they find one, they can take advantage of it before anyone else knows about it.
Once the vendor discovers the flaw, they can issue a patch and solve the problem. But the hacker may have already done damage.
Sometimes, people or corporations don’t take the time to update systems or software. Don’t let that happen to you. Remember to be proactive. Keep an eye out for new releases, updates, and patches that come your way. And most important, install comprehensive software that protects against known and unknown threats.