What is a zero-day attack?

zero-day attack

Provided you’ve read any cybersecurity story in the media recently, you’ve probably come across the phrase ‘zero-day attack’ before. It’s often dropped into reports by journalists with little explanation of what it means or why you should worry about it. So, in the interest of clearing up some confusion, here’s everything you need to know. 

What does ‘zero-day’ mean?

Usually, software companies and developers will periodically fix flaws in their products. However, there are some rare instances where this doesn’t happen and a flaw goes unnoticed.

The term ‘zero-day’ refers to those security vulnerabilities that fall through the cracks. It’s neat shorthand for developers having only just discovered the flaw and limited time (zero days) to fix it.

A zero-day attack happens when the bad guys get there first and hackers exploit the flaw before the developers discover it. 

How do zero-day attacks work? 

All software, no matter how robust initially, develops vulnerabilities over time. It could be that the software was built with vulnerabilities that weren’t anticipated at the time or it might be that a new cyber threat has emerged since it was created.

Whatever the reason, the fix is usually simple. Developers create a patch, release it in an update to users, and the vulnerability is dealt with. Think of it as being a bit like your mum fixing your school trousers after you fell over in the playground for the umpteenth time.

Unfortunately, this doesn’t always happen and hackers get there first. And, as long as the vulnerability goes undetected, cybercriminals can write and implement code to exploit it. This could allow them to steal confidential data, launch social engineering attacks, or even release malware onto users computers. 

This can go on for as long as the vulnerability remains undetected; sometimes days or even months. What’s more, even when the flaw has been fixed and an update released, it may take some time before every user updates their device. After all, an update is only as good as the number of users who download it. 

How do you know when a zero-day attack has happened?

A zero-day attack is particularly dangerous because the only people who know about it are the cybercriminals themselves. This allows them to pick their moment, either attacking instantly or biding their time.

Because vulnerabilities come in many shapes and sizes from problems with password security to broken algorithms, they can be very hard to detect. Often, a business won’t know there’s anything wrong until the vulnerability has been identified.

Nevertheless, there are some telltale signs. You might see sudden surges in unexpected traffic, odd behaviour from software you’re using, or suspicious scanning activity. 

Are there any famous examples?

Incidents involving zero-day vulnerabilities are more common than you might think. Only days ago (early Feb 2022), it was revealed that three critical flaws in the code for a WordPress plugin threatened 30,000 websites worldwide. Fortunately, on this occasion, WordPress appear to have got there before the bad guys, but there are plenty of examples when businesses weren’t so lucky.

Zoom, 2020

In this instance, hackers found a vulnerability in the popular video conferencing platform Zoom. It allowed cybercriminals to remotely take over the computer of anyone using Zoom and running an older version of Windows.

Microsoft Word, 2017

In a horribly alarming twist, this attack used a vulnerability in Microsoft Word to steal users banking login data.  Users who opened seemingly normal Microsoft Word documents unwittingly installed malware on their device that was able to collect banking login credentials. 

Apple iOS, 2020

Apple is generally famous for its impregnable security (remember the old myth that Apple Macs couldn’t get viruses?). However, in 2020, hackers did discover a vulnerability in its iOS mobile operating system. This flaw allowed cybercriminals to remotely access and control unlucky users iPhones.

What can you do to protect your business?

Update your software regularly

The easiest way to protect your business against zero-day attacks is to regularly patch your software and operating systems. It shouldn’t take you more than a couple of minutes each month. All it requires is that you check now and then for any new updates to tools and software you use. Or, if you want an even easier solution, simply turn on auto-updates in your device’s settings, and you won’t even have to think about it.

Use a firewall and anti-malware

Firewalls and anti-malware tools are the first line of defence for most cybersecurity threats and zero-day attacks are no different. Good firewalls and anti-malware can thwart some zero-day attacks the minute they enter your system. 

Limit the number of applications you use

Most businesses already do this to some extent, software costs money after all. However, when it comes to protecting your business against zero-day threats a simple maxim applies: the less software you have, the smaller the number of potential vulnerabilities. So try to use only the software and tools your business really needs. 

Educate your team 

Most zero-day attacks capitalise on human error in some way. So educating your employees on good security practices and habits can help reduce the risk of a successful zero-day attack. For more on how to go about this, check out our blog on security training

Protecting your business on a budget is tricky. Calling in the experts or investing in the latest tools is expensive. So what can you do? CyberSmart Active Protect secures your business around the clock with no need for costly consultants, tools or an in-house team. Try it today.

Active Protect CTA