What Is a Zero-Day Vulnerability?
A zero-day vulnerability is a system or software vulnerability unknown to the vendor and for which no patch or means of mitigation are available at the time it is discovered. A zero-day attack occurs when threat actors develop and release malware that targets the zero-day vulnerability. By exploiting these security vulnerabilities, attackers can access critical systems and steal sensitive information.
Zero-day vulnerabilities pose a high risk to organizations because attackers typically discover them before security researchers or software developers are aware of them and before a patch can be released, leaving threat actors free to exploit the flaws and profit from their schemes.
How Zero-Day Attacks Work
A threat actor finds a system or software vulnerability, swiftly writes exploit code, and deploys it to take advantage of the flaw. Threat actors often combine social engineering attacks with exploit code to compromise vulnerable systems while no patch is available for the zero-day vulnerability.
The combination of a vulnerability and targets' susceptibility to social engineering attacks explains why zero-day attacks are consistently very successful and present a significant security risk.
Examples of Zero-Day Attacks
Several well-known zero-day vulnerabilities have created significant problems.
Strontium, a Russian hacking syndicate, launched a spear-phishing campaign against the Democratic National Convention in 2016, sending spear-phishing emails that targeted Microsoft Windows and Adobe Flash vulnerabilities. These security flaws allowed attackers to install a backdoor through which they could access a device's browser.
A zero-day vulnerability in Windows was discovered in January 2019, according to the Google virus-hunting team VirusTotal. This vulnerability allowed attackers to take advantage of how Windows authenticates file signatures. Via this vulnerability, attackers could slip a malicious file through Windows security by attaching it to a file already code-signed by Microsoft or Google.
Zero-Day Vulnerabilities vs. Zero-Day Exploits
Although the two terms are often used interchangeably, they differ: a zero-day vulnerability is a flaw in software that is unknown to the developer, while a zero-day exploit is the code threat actors develop to take advantage of that flaw before a patch is released.
Zero-day exploits are usually disguised as malware or a bug, and their deployment can be devastating for organizations until security measures are implemented to identify and block them.