What Is a Zero-Day Attack?
As organizations and individuals around the globe shift their business and communication online, cybersecurity experts are constantly fighting against a growing number of threats. One of these threats, the zero-day attack, is on the rise and is particularly dangerous.
A zero-day attack exploits a weakness or flaw in a software system that the developers of the software aren’t aware of yet. This weak spot is discovered by a hacker, and once it’s discovered, developers have no time to patch the vulnerability before it’s attacked. This is why it’s called a “zero-day” attack: there are literally zero days to fix it.
Zero-day vulnerabilities are usually detected by a person outside the organization that created the software. This person inserts malicious code that’s able to exploit the vulnerability. The hacker then releases the exploit. Once the vulnerability has been disclosed, it’s called an n-day vulnerability. Publicly disclosed security flaws are called CVEs, which is short for Common Vulnerabilities and Exposures.
Software developers have to work quickly to patch the flaws; otherwise, the system is left exposed. However, many times zero-day exploits aren’t discovered right away - the damage is done and the hacker is long gone before the developers are able to detect it and create a patch.
Zero-day vulnerabilities have been on the rise in recent years, because the more code is written and published, the more chances there are to exploit that code. These attacks may expose critical files or result in data theft.
Who Is Most At-Risk of a Zero-Day Attack?
Anyone could potentially be targeted in a zero-day attack, depending on the type of data a cybercriminal is looking for. Individual internet users could fall victim to this type of attack if a hacker believes the individual possesses the type of valuable data or intellectual property they’re looking for, or could have a connection to a network where this information is stored.
Corporations are another hot source of zero-day vulnerabilities to exploit. In particular, organizations with sensitive financial or medical information, trade secrets, or security data are likely targets. Any company that uses email and a network could be a potential target, no matter whether it’s Microsoft or a small local startup.
Of course, government agencies are extremely vulnerable to zero-day attacks, but they may also use zero-day vulnerabilities to their advantage. They can obtain valuable insights about potential security risks such as hackers and organizations. In fact, government security agencies are driving a huge demand for zero-day vulnerabilities in order to leverage them for surveillance or cyberwarfare.
Who benefits from zero-day vulnerabilities? The exploits from a zero-day attack can bring in a lot of money, from a few thousand to several hundred thousand dollars, creating a highly lucrative market for these transactions. Markets for zero-day attacks include the white market, gray market, and dark market.
The white market is where organizations pay what are called “white-hat hackers” - otherwise known as ethical hackers - to find software vulnerabilities so they can patch them up before criminal hackers have a chance to discover them.
In the gray market, data from zero-day attacks is sold to intelligence agencies, militaries, or other government organizations. This data could be used in a variety of ways, some legal and others less so.
The dark market, just like it sounds, is the place where criminal hackers gather to buy and sell information about vulnerabilities that will allow them to steal valuable data.
Famous Zero-Day Attacks
It may be hard to believe that zero-day attacks can happen at prominent software companies that employ a large team of cybersecurity engineers in addition to a strong development team. However, despite their robust security, these companies are targeted in zero-day attacks each year. They’re especially attractive because of their enormous user bases, offering hackers a wealth of data and selling opportunities on the dark market.
In 2020 Apple suffered a zero-day attack that took advantage of a vulnerability in iMessage. This allowed hackers to install spyware to gain remote access to mobile devices and listen to encrypted calls. Apple issued a patch to protect users from future “zero-click” attacks.
Social media giant LinkedIn reported a zero-day attack in 2021 that scraped the data of 700 million users, who make up 90 percent of the platform’s user base. Since then, the hackers have already released data on 500 million users, and have threatened to sell the rest.
Another prominent example happened in 2014 at Sony Pictures, where a zero-day vulnerability allowed hackers to install malware and damage files used in creating new films, which caused millions of dollars in damages.
Microsoft Windows has been infiltrated a number of times, most notably in 2019 in a large-scale attack targeting users in Eastern Europe. Back in 2017, a vulnerability in Microsoft Word was exploited and millions of users were targeted with trojan malware.
Even video call platform Zoom isn’t immune to attacks. Back in 2020, when Zoom started to gain popularity among remote workers during the pandemic, hackers were able to uncover a zero-day vulnerability affecting Windows 7 users, selling the code for half a million dollars.
How to Fix a Zero-Day Attack
As simple as it may sound, the number one solution to fixing a zero-day attack is by applying a software patch. Developers are generally able to identify exploits and apply patches quickly. However, on the user end, it’s crucial to keep software and browsers up to date in order to apply these security patches.
Companies are strategically investing in cybersecurity, putting it at the top of their priority lists in order to combat zero-day attacks. Cyberattacks are costing companies and governments millions of dollars, with the total cost growing from $1.4 billion in 2017 to $6.9 billion in 2021 and projected to rise even further in the coming years.
Interested in joining the fight against zero-day attacks? In this fast-growing industry, now is an ideal time to transition to a cybersecurity career. Get the hands-on skills you need with Ironhack’s Cybersecurity Analyst Bootcamp! The bootcamp curriculum is aligned with the NICE-NIST Framework and is designed to prepare you to work in roles like Cybersecurity Analyst, Forensics Analyst and Incident Responder.