October 31, 2019

What is a Zero Day Attack?

Perception Point Research

A zero day attack (also known as a zero day exploit) is one that leverages a software vulnerability that is either unknown or unaddressed by the software vendor; for example, bugs in Microsoft Office apps or Adobe Reader.

Why is it called a Zero Day Attack?

In the software world, “day zero” is the day the vulnerability is discovered by the vendor and up until that day it is known as a zero day vulnerability. The logic behind this term is that the vendor has 0 days to patch the bug. In most cases, zero day attacks occur when the flaw or security issue is discovered by a sophisticated malicious third party, typically criminal or state-sponsored, and exploited before the software developer has had a chance to discover or fix it.

When technically-oriented users discover an issue with their software, they can take one of the following main actions:
– Discreetly notify the developer of the bug, allowing the vendor to close the potential security gap. This can be done on a voluntary basis, or in a more rewarding way, via bug bounty programs offered by the software vendor. After the vendor patches the bug, the user who found it will usually post it online to demonstrate his capabilities.
– Post it online immediately (without giving the developer enough time to patch it) for general research or for a less noble reason – to gain publicity. This is usually considered an “immoral” action as it provides an opening for attackers and puts the system at risk.
– Use it for criminal gain, which can result in significant risk and damages to personal users, employees, companies, and even state systems.

Why Zero Day attacks are so dangerous

Zero day vulnerabilities are especially dangerous because they’re unknown, and therefore difficult to prevent – it’s like a new (malicious) invention that no one has seen before.

In many cases, these vulnerabilities are found by the vendor itself, through its own employees looking for such bugs, and resolved without needing to inform the public before the gap is closed and a patch is released. More troubling, in some instances the vulnerability is found only after an attack or breach has occurred. In other words, the vendor has to reverse engineer a successful attack that already hit their clients.

How does a Zero Day exploit happen?

Despite the popular Hollywood portrayal of skilled hackers, most of their work involves exploring software to find gaps in security. This can be done by analyzing software code, reading blogs online, and even reading university publications. Once they find a promising lead, their next step is to determine if it can be exploited. This is a crucial step of the process, since not all bugs can be used to actually execute a successful attack; it involves probing the vulnerability with different methods and understanding it.

Once they determine what the vulnerability is, hackers usually develop what is known as exploit code: a small function that can be included in other seemingly innocuous applications and unleashed at the right time. With this in hand, the attackers can now go out and infiltrate their targets.

A highly successful zero day attack is one that not only compromised its initial target, but also stayed in the shadows for years before being discovered.

Zero Day Attack Example

A good example of a zero day attack in recent times is BlueKeep, a critical vulnerability in Microsoft’s Remote Desktop Protocol (RDP). The reason this threat is highly risky is that it can be abused to create a “worm-like” attack that spreads from computer to computer without requiring user interaction. This “worm” nature of the threat has the potential to cause serious damage, as previously seen in the infamous WannaCry attack that hit, amongst many others, the NHS in the UK, Nissan Motor, Renault, Telefónica, FedEx, and more.

But beyond the risk this zero day posed when it was discovered, there is the fact that it is expected to take up to a decade until companies have actually updated their software with the new patch.
