
Zero Day Attack

What Is a Zero-Day Attack?

A zero-day attack, also known as a zero-day exploit, is when cybercriminals use a newly discovered software vulnerability to attack a system and steal data and/or cause damage to the system.

The name comes from the fact that hackers have only just discovered the vulnerability that makes the attack possible, meaning that the system’s developers and security providers have had zero days to patch or fix the issue.

Why Are Zero-Day Attacks So Dangerous?

The fact that hackers discover a vulnerability before the software provider does is what makes zero-day attacks so dangerous. This means the software provider is suddenly fighting a reactive battle to reinstate their system security and understand the extent of the damage and data loss that has taken place.

When we look at the statistics, the danger that zero-day attacks pose becomes starkly apparent. According to the Ponemon Sullivan Privacy Report, an average of 80% of successful breaches are due to zero-day attacks.

Not only that, but such attacks are becoming more common. Mandiant Threat Intelligence reports 80 zero-days exploited in the wild in 2021 – that’s more than double the previous record (from 2019), with 40% of all zero-day attacks taking place in 2021.

The other issue worrying many businesses is the rising cost of these attacks. The Ponemon Sullivan Privacy Report reveals that the cost of successful zero-day attacks now averages $8.94 million, once the costs of IT staff resources, end user productivity, and data theft are factored in.

How Does a Zero-Day Attack Work?

A zero-day attack becomes possible when hackers discover a zero-day vulnerability – a loophole or attack vector that the software provider doesn’t know about. Hackers then create a zero-day exploit to compromise the provider’s systems using that vulnerability.

Zero-day exploits may involve the use of web browsers, email attachments, and phishing, with many carried out as part of blended threats, which use multiple attack vectors. Many zero-day attacks make use of malware, including polymorphic malware that can bypass signature-based malware detection solutions.

Who Are the Attackers of Zero-Day Exploits?

Different individuals and groups use zero-day exploits for a range of reasons. Hackers’ motivations are often financial, but some instead want to attract attention to a particular political or social campaign. Some cybercriminals also use zero-day attacks as part of cyberwarfare or corporate espionage.

The groups undertaking these attacks are scattered across the globe. According to Mandiant’s analysis of over 200 zero-day exploits between 2012 and 2021, the primary actors were state-sponsored groups.

Typical Targets for a Zero-Day Attack

Cybercriminals carrying out zero-day attacks can target anything from operating systems to IoT (Internet of Things) devices. Software, hardware, firmware, open-source components, or anywhere that is connected to the internet has the potential to be remotely compromised with a zero-day exploit.

In terms of victims, some of the most common targets include:

·  government departments

·  political parties

·  large businesses

·  famous or high-profile people

·  any individuals with access to valuable data

Individual device users may also be targets, particularly in cases involving cybercriminals building botnets. Given their widespread use, Apple, Microsoft, and Google are all common targets of zero-day attacks aimed at large groups of users.

Examples of Zero-Day Attacks

One of the most recent zero-day attacks to make the headlines was the Twitter zero-day attack in 2022. A zero-day vulnerability led to the compromise of 5.4 million Twitter accounts, with a cybercriminal collecting confirmed email addresses and phone numbers, login names, screen names, locations, follower counts, and profile picture URLs.

A year before, LinkedIn was the target of a zero-day attack, which impacted more than 90% of its users. A hacker used LinkedIn’s API to scrape data belonging to 700 million of the site’s users and has since publicly released data sets belonging to 500 million of them.

Facebook, Marriott International, Alibaba, Yahoo, and a string of other international organizations have also been victims of zero-day attacks in recent years.


How to Protect Yourself from Zero-Day Attacks

If you’re wondering how to defend against zero-day attacks and protect your business, there are several steps you can take to do so. Zero-day attack cybersecurity measures can include:

·  Bug bounty programs: Large businesses often use these to reward those who uncover vulnerabilities and first inform the relevant business rather than the hacker community.

·  Vulnerability scanning: Security professionals and security software can help businesses to scan for any flaws or vulnerabilities that might otherwise go unnoticed.

·  Security software: From web applications, bot mitigation software, firewalls and intrusion protection systems to next-gen anti-virus solutions, businesses should ensure they have the latest systems in place as part of a robust cybersecurity system.

·  Fraud monitoring alerts: Having the right software in place, such as transaction monitoring technology, is key to ensuring that any signs of zero-day attacks are detected and brought to your attention.
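As an added illustration of the monitoring idea in the last item (this is not part of the original page and not SEON’s software), the script below runs a simple enumeration detector over a few constructed API access log lines: it flags any client that looks up more than a set number of distinct account handles inside a sliding time window, which is the pattern behind the API-scraping incidents described above. The log format, the `handle=` query parameter, the client addresses and the thresholds are all assumptions chosen for the example.

```python
"""Enumeration alerting over constructed API access logs.

Added example for the 'fraud monitoring alerts' point; not SEON's own code.
Log format, client addresses, the handle= parameter and thresholds are assumed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log: "<timestamp> <client> <method> <path> <status>".
# 203.0.113.5 walks through many different handles (scraping pattern),
# 198.51.100.7 repeats one handle, 192.0.2.9 looks up only three.
SAMPLE_LOG = """\
2022-07-01T10:00:00Z 203.0.113.5 GET /api/lookup?handle=alice 200
2022-07-01T10:00:00Z 198.51.100.7 GET /api/lookup?handle=carol 200
2022-07-01T10:00:01Z 203.0.113.5 GET /api/lookup?handle=bob 200
2022-07-01T10:00:02Z 192.0.2.9 GET /api/lookup?handle=dave 200
2022-07-01T10:00:02Z 203.0.113.5 GET /api/lookup?handle=chris 404
2022-07-01T10:00:03Z 198.51.100.7 GET /api/lookup?handle=carol 200
2022-07-01T10:00:03Z 203.0.113.5 GET /api/lookup?handle=dana 200
2022-07-01T10:00:04Z 203.0.113.5 GET /api/lookup?handle=eve 200
2022-07-01T10:00:04Z 192.0.2.9 GET /api/lookup?handle=erin 200
2022-07-01T10:00:05Z 203.0.113.5 GET /api/lookup?handle=frank 200
2022-07-01T10:00:06Z 198.51.100.7 GET /api/lookup?handle=carol 200
2022-07-01T10:00:06Z 192.0.2.9 GET /api/lookup?handle=fred 200
2022-07-01T10:00:07Z 203.0.113.5 GET /api/lookup?handle=grace 200
2022-07-01T10:00:08Z 203.0.113.5 GET /api/lookup?handle=heidi 200
2022-07-01T10:00:09Z 203.0.113.5 GET /api/health 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one assumed-format log line; return None for anything malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    path = m["path"]
    handle = None
    if "handle=" in path:  # assumed query parameter naming the looked-up account
        handle = path.split("handle=", 1)[1].split("&", 1)[0]
    return {"ts": ts, "client": m["client"], "path": path,
            "handle": handle, "status": int(m["status"])}


def detect_enumeration(lines, window_seconds=60, max_distinct=5):
    """Alert once per client whose distinct handle lookups inside a sliding
    window exceed max_distinct. Repeated lookups of one handle do not count,
    so the rule targets scraping rather than ordinary repeated use."""
    events = [e for e in (parse_line(l) for l in lines) if e and e["handle"] is not None]
    events.sort(key=lambda e: e["ts"])          # stable sort keeps log order on ties
    windows = defaultdict(deque)                 # client -> deque of (ts, handle)
    alerted, alerts = set(), []
    for e in events:
        q = windows[e["client"]]
        q.append((e["ts"], e["handle"]))
        cutoff = e["ts"] - timedelta(seconds=window_seconds)
        while q and q[0][0] < cutoff:            # drop events older than the window
            q.popleft()
        distinct = {h for _, h in q}
        if len(distinct) > max_distinct and e["client"] not in alerted:
            alerted.add(e["client"])
            alerts.append({"client": e["client"], "distinct": len(distinct),
                           "first_seen": q[0][0], "last_seen": e["ts"]})
    return alerts


if __name__ == "__main__":
    for a in detect_enumeration(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['client']}: {a['distinct']} distinct handles "
              f"between {a['first_seen']:%H:%M:%S} and {a['last_seen']:%H:%M:%S}")
```

Only 203.0.113.5 triggers an alert, at the moment its sixth distinct handle appears within the window; the client that repeats one handle and the client that looks up three stay quiet. In a real deployment the threshold and window would be tuned against normal traffic, and the alert would feed whatever ticketing or response process the plan in the next paragraphs defines.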

Businesses can also take steps with their outreach and education programs to ensure that they have a solid defense against zero-day attacks. Teaching users about phishing and other cybersecurity risks is one part of this. Another is ensuring that multi-factor authentication (MFA) is in place, as strong confidence in user identification is an integral part of best-practice security.

Another key element in protecting against zero-day attacks is having a plan in place in case they occur. A rapid and carefully controlled response to a zero-day attack can help to minimize its impact in both financial and reputational terms. Such plans should include clear roles and reporting structures – including, of course, the reporting of any data breaches to the authorities.