What is a Zero-Day Exploit?

A “zero-day” or “0Day” in the cybersecurity biz is a vulnerability in an internet-connected device, network component or piece of software that was essentially just discovered or exposed. The whole idea is that this vulnerability has zero days of history: the defenders have had zero days to prepare for it.

So what does this mean? Why is it important?

Zero-day vulnerabilities are the hardest kind of vulnerability to protect against because no security company, and very few (if any) anti-virus software packages, are prepared to handle them or the malware that attempts to exploit them. There are no patches available to solve the issue and no other mitigation strategies, because everyone just found out about the darn thing! Unfortunately, it is often easier and faster for cybercriminals to take advantage of these vulnerabilities than it is for the good guys to shore up defenses and prevent the vulnerability from being exploited.

For example, in early 2017 a hacker group called the Shadow Brokers leaked a package of Microsoft Windows vulnerabilities that were known to the NSA but not to anyone else, including Microsoft. Even though the vulnerabilities had been previously known to the NSA, they were considered zero-day exploits because the general public and the company whose software was impacted were not aware of them. Microsoft quickly developed a patch for these vulnerabilities, but cybercriminals were able to take advantage of the fact that operators of Windows systems throughout the world did not apply the patch immediately. Applying patches to every internet-exposed Windows system in the world is a big logistical problem! The WannaCry ransomware attack took advantage of these vulnerabilities and was considered one of the biggest outbreaks of ransomware at the time. This illustrates another point, which is that zero-day vulnerabilities are particularly dangerous because they can lead to sudden, explosive outbreaks of malware that end up having a huge impact in cyberspace.

So what, if anything, can be done about these zero-day vulnerabilities?

That is the million (probably more like billion) dollar question. If anyone knew how to categorically prevent zero-day exploits they’d be rich and the world would be a safer place. But the cybersecurity research community and software companies are doing what they can. Many software companies and other organizations with online assets institute “Bug Bounty” programs, where they encourage researchers to find vulnerabilities in their own code or network and to disclose them responsibly in exchange for a bounty. This allows the organization to identify and address bugs before they turn into a disastrous zero-day exploit. Researchers will often responsibly disclose bugs even if the affected organization does not have a bug bounty program. Often they will give the organization 90 days before they make the vulnerability public, which allows the org to address the bug and encourages them to do so quickly.

Anti-virus (AV) software companies are trying to address the threat of zero-day vulnerabilities, as well as new strains of malware, by incorporating more and more machine learning and artificial intelligence (AI) into their software. These techniques are definitely in their infancy, but the idea is that, eventually, AV programs will be able to identify exploits and malware even if they did not previously know about them.

Finally, the best thing that you can do to protect against zero-day exploits is to keep your devices and software updated with the latest patches. This will limit your exposure to known exploits and minimize the time period during which you can be hit by a zero-day: once a fix exists, every day it sits unapplied is a day you are exposed to something attackers already know about. For more info, check out this page about keeping your devices and software up-to-date.
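The "time period during which you can be hit" is something you can actually measure for your own fleet. The following is an added example, not code from the original article: it takes a small constructed inventory (the host names, dates and the 30-day patching SLA are all made up for illustration) and reports, for each host, how many days it was exposed between the vendor releasing a fix and the host applying it, flagging hosts that are still unpatched or that blew past the SLA. The WannaCry story above is exactly this gap playing out at world scale.

```python
from datetime import date

# Constructed sample inventory (hypothetical hosts, not real data).
# fix_released: the day the vendor shipped the patch.
# patched_on:   the day this host applied it, or None if it still has not.
INVENTORY = [
    {"host": "web-01",  "fix_released": date(2017, 3, 14), "patched_on": date(2017, 3, 20)},
    {"host": "file-02", "fix_released": date(2017, 3, 14), "patched_on": None},
    {"host": "db-03",   "fix_released": date(2017, 3, 14), "patched_on": date(2017, 5, 15)},
]


def exposure_days(record, today):
    """Days the host was exposed to a *known* fix-available vulnerability.

    Exposure runs from the fix release date until the patch was applied;
    for an unpatched host the clock is still running, so it runs until today.
    """
    end = record["patched_on"] or today
    return max((end - record["fix_released"]).days, 0)


def exposure_report(inventory, today, sla_days=30):
    """Build a per-host report and flag hosts outside the (hypothetical) SLA."""
    report = []
    for rec in inventory:
        days = exposure_days(rec, today)
        report.append({
            "host": rec["host"],
            "status": "patched" if rec["patched_on"] else "UNPATCHED",
            "exposure_days": days,
            "over_sla": days > sla_days,
        })
    # Worst offenders first, so the report reads as a work queue.
    report.sort(key=lambda r: r["exposure_days"], reverse=True)
    return report


def summarize(report):
    """Counts a defender would put on a dashboard: unpatched and SLA-breaching hosts."""
    return {
        "hosts": len(report),
        "unpatched": sum(1 for r in report if r["status"] == "UNPATCHED"),
        "over_sla": sum(1 for r in report if r["over_sla"]),
    }


if __name__ == "__main__":
    today = date(2017, 6, 1)  # constructed "as of" date for the example
    rep = exposure_report(INVENTORY, today)
    for r in rep:
        flag = " <-- over SLA" if r["over_sla"] else ""
        print(f'{r["host"]:8} {r["status"]:10} {r["exposure_days"]:4d} days{flag}')
    print(summarize(rep))
```

The useful output is not the per-host number by itself but the queue it produces: hosts still marked UNPATCHED are the ones that turn a fixed bug back into an effective zero-day for your environment, and they should be patched (or isolated) before anything else.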