What is a Zero-Day Attack? The Rise and Rise of Attacks on Software Vulnerabilities


In cybersecurity circles, the term “zero-day” always seems to elicit concerned sighs and furrowed brows. And rightly so – a zero-day exploit can be incredibly dangerous.

Even typically well-defended networks can fall afoul of sneaky zero-day vulnerabilities. They’re able to evade traditional antivirus controls by their very nature, so without the right measures in place, internet users are sitting ducks.

So, what is a zero-day attack, exactly? How do they relate to the wider internet threat landscape? And – most importantly – how can networks like yours fend them off?

Is a Zero-Day Attack a Threat, or Vulnerability?


Every piece of software that you use on your PC is likely to have security vulnerabilities hidden somewhere. Though mainstream software vendors generally do a good job of identifying security gaps and developing patches that close them off, keeping all users safe isn’t always an exact science.

Sometimes security holes emerge from areas of code that were previously thought to be totally safe, possibly due to an operating system update or a change of hardware.

Sometimes older, unsupported software versions or operating systems are used to ensure compatibility with older hardware.

On other occasions, users simply resist updating their software or it starts being used in ways that the provider was unprepared for.

Or it can just be that software providers are blissfully unaware of exploitable security gaps within their code!

Zero-day attacks are targeted exploits designed to take advantage of specific security flaws within widely-used software.

They’re typically packaged as malware, and can wreak all manner of havoc: installing ransomware, keyloggers, worms, spyware, bots, rootkits, or a combination of threats daisy-chained together. They can even steal, leak, or tamper with sensitive data – a GDPR nightmare!

The name “zero-day” refers to the number of days that a patch has existed for these flaws – in this case, zero. Once the vulnerability is patched by the software company, it no longer counts as a zero-day vulnerability.

Why are Zero-Day Exploits so Dangerous?


Because zero-day threats haven’t been patched yet (for whatever reason), they remain at large until a “cure” is developed. However, finding and releasing a patch isn’t necessarily the end of the story for the piece of malware.

End users still have to update their software in order for the patch to take effect, so the threat can still run rampant online until the software’s entire user base has the patch installed.

Cybercriminals are always coming up with new and inventive ways to compromise IT systems, so zero-day exploits are constantly popping up, getting noticed, and being quashed through patching. It’s like cybercrime whack-a-mole.

It’s also worth remembering that standard antivirus software only detects threats it already has a signature for (so-called “signature-based” detection). Therefore, most mainstream antivirus packages are totally unable to detect zero-day threats until they become known. After all, you don’t know what you don’t know.

These three factors mean that the fight against zero-day threats isn’t particularly straightforward. And to compound the issue, zero-day vulnerabilities are seeing a huge upward trend.

Half of all malware detected in 2019 consisted of unknown, zero-day exploits. A FireEye analysis found that cybercriminals harnessed more zero-day threats in 2019 than in any of the previous three years. But why?

4 Reasons Why Zero-Day Attacks Are on the Rise


1. Zero-Days are Big Business

Nowadays, anyone with access to the dark web and some cryptocurrency to spare can lay their hands on a zero-day exploit “kit”. For a fee, unscrupulous hackers can provide you with all of the tools needed to start sending out new, targeted malware and infecting machines worldwide.

The commodification of zero-day exploits is now shockingly sophisticated. Malware vendors are starting to operate like legitimate firms, maintaining a carefully manicured brand presence and teams of trained “support” staff. They even provide “customer-facing” call centre functions to take victims’ ransomware payments.

Basically, if you’ve got the cash, then malware vendors have an exploit for you, regardless of your level of tech knowhow. Security provider FireEye puts it particularly astutely – “Zero-day exploitation increasingly demonstrates access to money rather than skill”.

2. Zero-Days Give Criminals the Upper Hand

Because it takes a while for a software company to identify and patch zero-day vulnerabilities, there is naturally an interim period where the cyber attacker has the advantage.

From the criminal’s perspective, as soon as their zero-day exploit is sent out into the wild, the clock starts ticking to make the endeavour worth their while. Once their zero-day gets patched out, the profits start drying up.

How they make money from their zero-day exploit will depend heavily on the kind of malware being released.

Ransomware distributors will try to encrypt as many machines as possible to maximise incoming ransom payments, while distributors whose malware steals data or access credentials will want to achieve maximum possible coverage, harvesting large swathes of data for resale on the digital black market.

Other than engineering a fix, there’s little that the legitimate software vendors and antivirus providers can do while the zero-day is out there running rampant.

3. Vulnerabilities are Everywhere

Unfortunately, a lot of business-essential software on the market is chock full of exploitable potential. Whether it’s your operating systems, productivity suite, accounting package, or a piece of industry-specific software, there are likely to be juicy security flaws sitting somewhere, nestled deep within their code.

Software vendors do try to address any security gaps where possible – both on release and through later patches – but oftentimes there are still unpredictable, exploitable holes lying dormant in the background.

It only takes a cybercriminal to pick one of these gaps – possibly at random – and develop (or purchase) malware to carry out their devious plans.

4. AI & Automation Make Cybercrime Easy

There are already relatively hands-off ways that cybercriminals turn known exploits into zero-day attacks by changing the file’s appearance and size. And just as we’re seeing more applications for artificial intelligence and automation in our own lives, so are cybercriminals.

We need to consider the very real danger that cybercriminals will soon use automated, AI-driven tools to identify new vulnerabilities, formulate unique attacks en masse, and even disseminate them in plain sight.

How To Stay Safe Against Zero-Day Attacks

But enough of the doom and gloom – you want solutions. Here are three ways that you can keep zero-days at bay.

Stay Vigilant

Regardless of the security solutions you already use, keeping yourself up to date on the latest threats is always advisable, as is proactively maintaining network-wide software updates and antivirus definitions.

We recommend that you keep an eye on the National Cyber Security Centre’s weekly threat reports. They’re short, digestible articles that provide up-to-date information about current cyber-risks so you can stay alert.

You may also want to pay attention to IT security matters covered in other publications like WIRED, The Verge, The Register, and Bleeping Computer.

Understandably, this isn’t a completely foolproof approach, as zero-day threats can still slip through the cracks, but in cybersecurity forewarned is often forearmed.


Sandboxing Solutions

Though sandboxing does come with an added expense, it’s one of the most watertight ways to keep zero-day threats in their place.

Traditional antivirus solutions can only scan for known threats, but sandboxing effectively sidesteps this problem.

Sandboxing works by opening unchecked, incoming files in a securely isolated, virtual PC environment and observing how they behave. If the file releases malware, causes the virtual system (the “sandbox”) to become unstable, or otherwise acts in a potentially harmful manner, then your network users are prevented from downloading it.

However, if nothing unexpected happens when a file is examined in the sandbox, then it’s allowed to enter your network.
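To make the two points above concrete – that signature-based antivirus only recognises samples it has already seen, and that a sandbox instead judges a file by what it does when run in isolation – here is a small added illustration. It is example code written for this article, not the post’s own material and not how SonicWall’s AGSS or any other product works internally. Every sample, hash, observed action and weighting in it is constructed and hypothetical.

```python
"""Constructed illustration: a hash-based signature check next to a
behaviour-based sandbox verdict, and how each treats a previously unseen file.
Nothing here is a real malware hash or a real product's rule set."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

# Constructed "known-bad" signature database: hashes of samples seen before.
KNOWN_SAMPLE = b"constructed sample: drops payload and encrypts documents v1"
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


@dataclass
class SandboxReport:
    """What the isolated run of one file observed (constructed report format)."""
    file_bytes: bytes
    observed_actions: list[str] = field(default_factory=list)


# Hypothetical behaviour rules and weights; a real sandbox has far more.
BEHAVIOUR_WEIGHTS = {
    "writes_autorun_key": 3,
    "mass_file_encryption": 5,
    "injects_into_other_process": 4,
    "disables_security_tooling": 4,
    "outbound_connection_unexpected_host": 2,
    "crashes_sandbox": 5,          # the "virtual system became unstable" case
}
BLOCK_THRESHOLD = 5  # assumed cut-off for this example


def signature_verdict(sample: bytes) -> bool:
    """Signature-based check: true only if this exact file is already known."""
    return hashlib.sha256(sample).hexdigest() in SIGNATURE_DB


def behaviour_score(report: SandboxReport) -> int:
    """Sum the weights of every suspicious action the sandbox observed."""
    return sum(BEHAVIOUR_WEIGHTS.get(action, 0) for action in report.observed_actions)


def behaviour_verdict(report: SandboxReport) -> bool:
    """Behaviour-based check: block once the observed actions cross the threshold."""
    return behaviour_score(report) >= BLOCK_THRESHOLD


def gateway_decision(report: SandboxReport) -> str:
    """What a gateway would do: block on a known signature, otherwise on behaviour,
    otherwise let the file through to the network."""
    if signature_verdict(report.file_bytes):
        return "block:known-signature"
    if behaviour_verdict(report):
        return "block:behaviour"
    return "allow"


# Constructed scenarios.
# 1. A sample the signature database already knows about.
KNOWN_BAD = SandboxReport(KNOWN_SAMPLE, ["writes_autorun_key", "mass_file_encryption"])
# 2. The same behaviour in a file whose bytes differ slightly: to the signature
#    database this is a brand-new, "zero-day" sample, yet the sandbox sees what it does.
UNKNOWN_BAD = SandboxReport(KNOWN_SAMPLE.replace(b"v1", b"v2"),
                            ["writes_autorun_key", "mass_file_encryption"])
# 3. An ordinary document that only does ordinary things.
BENIGN = SandboxReport(b"constructed quarterly report spreadsheet", ["reads_user_documents"])
# 4. A file that makes the sandbox itself fall over.
UNSTABLE = SandboxReport(b"constructed malformed document", ["crashes_sandbox"])

if __name__ == "__main__":
    for name, report in [("known bad", KNOWN_BAD), ("unknown bad", UNKNOWN_BAD),
                         ("benign", BENIGN), ("unstable", UNSTABLE)]:
        print(f"{name:12} signature={signature_verdict(report.file_bytes)!s:5} "
              f"score={behaviour_score(report):2} -> {gateway_decision(report)}")
```

The point to take from the run is the second scenario: the signature check returns false because the file’s hash has never been seen, while the behaviour score is identical to the known sample’s and the gateway still blocks it. That is the gap between “known threats” and “how the file behaves” that sandboxing closes, and why the threshold and rule weights matter more than the hash list.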

We recently reviewed sandboxing in detail on our blog, along with the sandboxing solution we recommend – SonicWall’s Advanced Gateway Security Suite (AGSS).

You can learn much more about AGSS by going to our SonicWall Firewall Licences page, selecting your firewall model and choosing an Advanced Gateway Security Suite licence.

AI-Powered Antivirus Software

Cybercriminals are increasingly using artificial intelligence to help them identify and produce cyber exploits of all kinds.

AI-driven antivirus solutions effectively enable organisations like yours to fight fire with fire. Solutions like WatchGuard’s IntelligentAV use AI and machine learning to predict threats and proactively protect your users.

Want to learn more about keeping your organisation safe from zero-day attacks?

Drop us a line for your FREE cybersecurity health check!

Our experts will talk through your current network security measures and provide free advice where possible. There’s no obligation to buy anything from us – in fact you may not need to spend a single penny!

Get in touch with the team today on 0808 1644414 or request a call back.