What Is a Zero-Day Attack?
A zero-day attack, also known as a zero-day exploit, is when cybercriminals use a newly discovered software vulnerability to attack a system and steal data and/or cause damage to that system.
The name comes from the fact that hackers have only just discovered the vulnerability that makes the attack possible, meaning that the system’s developers and security providers have had zero days to patch or fix the issue.
2022 saw particularly high instances of hackers targeting Microsoft, Google, and Apple with zero-day attacks. When we consider the billions of users of these products around the world, it’s easy to see why. One successfully exploited zero-day vulnerability could provide access to a vast amount of data. This is why organizations race to patch zero-day vulnerabilities as soon as they become aware of them.
Why Are Zero-Day Attacks So Dangerous?
The fact that hackers discover a vulnerability before the software provider does is what makes zero-day attacks so dangerous. This means the software provider is suddenly fighting a reactive battle to reinstate their system security and understand the extent of the damage and data loss that has taken place.
When we look at the statistics, the danger that zero-day attacks pose becomes all the more clear. According to the Ponemon Sullivan Privacy Report, an average of 80% of successful breaches are due to zero-day attacks.
Not only that, but such attacks are becoming more common. Mandiant Threat Intelligence reports 80 zero-days exploited in the wild in 2021 – that’s more than double the previous record (from 2019), with 40% of all zero-day attacks taking place in 2021.
Mandiant tracked a further 55 zero-day vulnerabilities that it considered to have been exploited in 2022, 53 of which provided hackers with either elevated privileges or the ability to execute code remotely across vulnerable devices. While the figure of 55 vulnerabilities was a drop from the record-breaking 2021 number, it was still notably higher than in 2020 and previous years.
The other issue facing many businesses is the rising cost of these attacks. The Ponemon Sullivan Privacy Report reveals that the cost of successful zero-day attacks now averages $8.94 million, once the costs of IT staff resources, end-user productivity, and data theft are factored in.
How Does a Zero-Day Attack Work?
A zero-day attack becomes possible when hackers discover a zero-day vulnerability – a loophole or attack vector that the software provider doesn’t know about. Hackers then create a zero-day exploit to compromise the provider’s systems using that vulnerability.
Zero-day exploits may involve the use of web browsers, bot attacks, email attachments, and phishing, with many carried out as part of blended threats, which use multiple attack vectors.
These threats can be particularly effective as they combine system vulnerabilities with human ones. From a technical perspective, for example, many zero-day attacks make use of malware, including polymorphic malware that can bypass signature-based malware detection solutions. Meanwhile, the human element may involve hackers tricking employees into sharing sensitive information that can grant them unauthorized system access.
Combating such threats is an ongoing security headache for major enterprises. At the time of writing, for example, Apple has patched two new zero-days (the attacks were aimed at Macs, iPads, and iPhones) and a Windows zero-day vulnerability has been exploited by Nokoyawa ransomware – all within the last month. The latter demonstrated the power of a blended threat, with cybercriminals seeking financial gain by using zero-day exploits and ransomware together.
Who Are the Attackers of Zero-Day Exploits?
Different individuals and groups use zero-day exploits for a range of reasons. Hackers’ motivations are often financial, but some instead want to attract attention to a particular political or social campaign. Some bad actors also use zero-day attacks as part of cyberwarfare or corporate espionage.
The groups undertaking these attacks are scattered across the globe. According to Mandiant’s analysis of over two hundred zero-day exploits between 2012 and 2021, the primary actors were state-sponsored groups.
International cyber espionage is a key cause of this. It is believed to be behind at least thirteen zero-day exploits in 2022, seven of which were linked to Chinese state-sponsored actors and two to actors linked to North Korea.
It should be noted here that it is not always possible to establish the motivation of those behind zero-day attacks. However, where motivations were established for zero-day attacks carried out in 2022, more than 80% were attributed to cyber espionage.
Financial motivation is another driver of zero-day attacks, with cybercriminals often using ransomware when exploiting newly discovered vulnerabilities. Research into the motivations behind zero-day attacks in 2022, for example, found that 75% of financially motivated attacks involved ransomware. That said, the overall proportion of financially motivated zero-day exploits shrank during 2022, compared to data from previous years.
Typical Targets for a Zero-Day Attack
Cybercriminals carrying out zero-day attacks can target anything from operating systems to Internet of Things (IoT) devices. Software, hardware, firmware, and open-source components – in fact, any technology that is connected to the internet – has the potential to be remotely compromised with a zero-day exploit.
In terms of victims, some of the most common targets include:
- government departments
- political parties
- large businesses
- famous or high-profile people
- any individuals with access to valuable data
Individual device users may also be targets, particularly in cases involving cybercriminals building botnets. Given their widespread use, Apple, Microsoft, and Google are all common targets of zero-day attacks aimed at large groups of users. These firms spend billions of dollars each year strengthening their cybersecurity measures against zero-day attackers and other cybercriminals.
Examples of Zero-Day Attacks
One of the most recent zero-day attacks to make the headlines was the Twitter zero-day attack in 2022. A zero-day vulnerability led to the compromise of 5.4 million Twitter accounts, with a cybercriminal collecting confirmed email addresses, phone numbers, login names, screen names, locations, follower counts, and profile picture URLs.
A year before, LinkedIn was the target of a zero-day attack, which impacted more than 90% of its users. A hacker used LinkedIn’s API to scrape data belonging to 700 million of the site’s users and has since publicly released data sets belonging to 500 million of them.
Facebook, Marriott International, Alibaba, Yahoo, and a string of other international organizations have also been victims of zero-day attacks in recent years.
How to Protect Yourself from Zero-Day Attacks
If you’re wondering how to defend against zero-day attacks and protect your business, there are several steps you can take to do so. Zero-day attack cybersecurity measures can include:
- Bug bounty programs: Large businesses often use these to reward those who uncover vulnerabilities and inform the business, rather than the hacker community.
- Vulnerability scanning: Security professionals and security software can help businesses scan for any flaws or vulnerabilities that might otherwise go unnoticed.
- Security software: From web application firewalls and intrusion protection systems to next-gen anti-virus solutions, businesses should ensure they have the latest systems in place as part of a robust cybersecurity system.
Businesses can also take steps with their outreach and education programs to ensure that they have a solid defense against zero-day attacks. Teaching users about phishing and other cybersecurity risks such as account takeover (ATO) attacks is one part of this. Another is ensuring that multi-factor authentication and a strong fraud monitoring system are in place, as strong confidence in user identification is an integral part of best-practice security.
Another key element in protecting against zero-day attacks is having a plan in place in case they occur. A rapid and carefully controlled response to a zero-day attack can help to minimize its impact in both financial and reputational terms. Such plans should include clear roles and reporting structures – including, of course, the reporting of any data breaches to the relevant authorities.
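The vulnerability-scanning and patch-planning measures above come down to one recurring question once a fix ships: which hosts are still running an affected version, and which of those should be patched first? The following script, added here as an illustration and not part of SEON's tooling or of the original article, compares a constructed software inventory against a constructed advisory list. Every product name, version, host and date in it is made up for the example. It ranks findings with known in-the-wild exploitation first, then by how long the advisory has been open, and it compares versions numerically so that "10.10" is correctly treated as newer than "10.3" (a plain string comparison gets that wrong and silently leaves a patched host flagged, or worse, an unpatched one cleared).

```python
# Added illustration: a minimal "is this host still exposed?" check that
# compares a software inventory against a list of advisories. Product names,
# versions, dates and hosts below are constructed for the example; none come
# from a real advisory feed.
from dataclasses import dataclass
from datetime import date
import re


@dataclass(frozen=True)
class Advisory:
    product: str             # affected product name
    fixed_in: str            # first version that contains the fix
    exploited_in_wild: bool  # True when exploitation was seen before/at disclosure
    published: date          # when the fix (and the issue) became public


@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: str


def parse_version(v: str) -> tuple:
    """Compare versions numerically: '10.10' must sort after '10.3'.

    Assumption: only the numeric components matter; pre-release tags such as
    '-rc1' are ignored, which is good enough for this illustration.
    """
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_affected(item: Installed, adv: Advisory) -> bool:
    """An install is affected when it is the same product and older than the fix."""
    if item.product.lower() != adv.product.lower():
        return False
    return parse_version(item.version) < parse_version(adv.fixed_in)


def find_exposed(inventory, advisories, today: date):
    """Return one finding per (host, advisory) pair that is still unpatched.

    Findings with known in-the-wild exploitation come first, then the ones
    that have been open longest, so the patching race starts where it matters.
    """
    findings = []
    for item in inventory:
        for adv in advisories:
            if is_affected(item, adv):
                findings.append({
                    "host": item.host,
                    "product": item.product,
                    "version": item.version,
                    "fixed_in": adv.fixed_in,
                    "exploited_in_wild": adv.exploited_in_wild,
                    "days_open": (today - adv.published).days,
                })
    findings.sort(key=lambda f: (not f["exploited_in_wild"], -f["days_open"]))
    return findings


# Constructed sample data (not real products or advisories).
ADVISORIES = [
    Advisory("ExampleHTTPD", fixed_in="2.4.2", exploited_in_wild=True,
             published=date(2024, 3, 1)),
    Advisory("ExampleDB", fixed_in="10.3", exploited_in_wild=False,
             published=date(2024, 2, 15)),
]

INVENTORY = [
    Installed("web-01", "ExampleHTTPD", "2.4.1"),  # behind the fix
    Installed("web-02", "ExampleHTTPD", "2.4.3"),  # already patched
    Installed("db-01", "ExampleDB", "10.2"),       # behind the fix
    Installed("db-02", "ExampleDB", "10.10"),      # patched; a string compare would flag this wrongly
]


if __name__ == "__main__":
    for f in find_exposed(INVENTORY, ADVISORIES, today=date(2024, 3, 10)):
        flag = "EXPLOITED IN THE WILD" if f["exploited_in_wild"] else "no known exploitation"
        print(f"{f['host']}: {f['product']} {f['version']} < {f['fixed_in']} "
              f"({f['days_open']} days open, {flag})")
```

Run as-is it reports web-01 first (9 days open, exploited in the wild) and db-01 second (24 days open), and clears web-02 and db-02. In practice the inventory would come from an asset management or endpoint agent and the advisories from a vendor or CVE feed; the ranking logic is the part worth keeping, because it encodes the priority the article describes: known-exploited first, then longest exposure.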