Zero-Day Exploit

A zero-day exploit refers to an undetected or unaddressed security vulnerability in hardware or software. In contrast, a zero-day event describes any cyber attack that uses the exploit before developers can patch up the vulnerability. The “zero-day” term comes from the fact that the people responsible for the software’s security had no time to fix the problem before it got exploited by cybercriminals.

In other words, the entity responsible for security only discovered the exploit after an event had already happened. Thus, they had zero days to patch the issue before an event occurred. Sometimes, security professionals or even users uncover potential events before they occur. In the worst cases, these exploits and even the events themselves may remain undetected for weeks or months.

Examples of High-Profile Zero-Day Exploits

To better understand how much damage an undetected zero-day exploit can do, look at some high-profile examples:

  • Sony: In 2014, hackers impaired Sony’s networks and stole sensitive company information. Some of this breached data included business plans, executives’ private email addresses, and details about upcoming releases. According to Gizmodo, the attackers may have purchased details about the security problem on the black market. The FBI claimed that North Korea instigated the attack; however, that’s disputed by those who think that even lone hackers could have used the information to create this disruption.
  • Windows and Chrome: As recently as the fall of 2020, Google warned Microsoft and its users about a potential zero-day exploit that impacted both Chrome and the Windows operating system. This issue would let hackers run malicious code on their victims’ computers. According to ZDNet, both Google and Microsoft patched these vulnerabilities either before or shortly after the announcement.

Defensive Measures for a Zero-Day Exploit

If potential exploits can threaten such large tech companies as Google and Microsoft, they’re obviously hard to detect. By definition, they’re unknown vulnerabilities, so common security software won’t have them included in their databases yet. Still, even small businesses and individuals can take some steps to protect themselves.

Threat Hunting and Detection

Tools such as Sophos’ Intercept-X may detect a zero-day. However, if an advanced persistent threat (APT) were to target your business and deploy a zero-day, it would most likely go unnoticed until defensive tools found the malicious anomalies.
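Because a zero-day has no signature yet, the "malicious anomalies" a defensive tool can catch are behavioural: activity that departs from what is normal on the fleet. The following is an added example, not code from the original article and not from Sophos or any product it mentions. It learns a baseline of parent/child process pairs from constructed endpoint telemetry and flags live events that either fall outside that baseline or match a generic, exploit-agnostic pattern (a document or browser application spawning a script host). The telemetry line format, the host names, and every event below are constructed for this example.

```python
"""Baseline-driven behavioural anomaly detection over endpoint process telemetry.

Added example (not the article's or any vendor's code). The idea: a zero-day
exploit is unknown to signature databases, but the post-exploitation behaviour
it produces (for example, a document reader launching a shell) still deviates
from what the fleet normally does, and that deviation is detectable.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed telemetry format: host|parent image|child image|command line
BASELINE_LINES = [
    "host-a|explorer.exe|winword.exe|winword.exe /n",
    "host-b|explorer.exe|winword.exe|winword.exe /n",
    "host-a|explorer.exe|chrome.exe|chrome.exe",
    "host-b|explorer.exe|chrome.exe|chrome.exe",
    "host-c|explorer.exe|chrome.exe|chrome.exe",
    "host-a|services.exe|svchost.exe|svchost.exe -k netsvcs",
    "host-b|services.exe|svchost.exe|svchost.exe -k netsvcs",
    "host-c|services.exe|svchost.exe|svchost.exe -k netsvcs",
    "host-a|explorer.exe|cmd.exe|cmd.exe",  # seen on one host only
]
LIVE_LINES = [
    "host-b|explorer.exe|chrome.exe|chrome.exe",          # normal
    "host-c|winword.exe|powershell.exe|powershell.exe",   # anomalous
    "host-a|chrome.exe|cmd.exe|cmd.exe",                  # anomalous
    "host-b|services.exe|svchost.exe|svchost.exe -k netsvcs",  # normal
    "host-a|explorer.exe|cmd.exe|cmd.exe",                # below host threshold
]

# Generic, exploit-agnostic pattern: user-facing applications that render
# untrusted content should not normally spawn script hosts or shells.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "acrord32.exe", "chrome.exe", "firefox.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent: str
    child: str
    cmdline: str


def parse_event(line: str) -> ProcessEvent:
    """Parse one constructed telemetry line; image names are case-normalised."""
    host, parent, child, cmdline = line.split("|", 3)
    return ProcessEvent(host.strip(), parent.strip().lower(),
                        child.strip().lower(), cmdline.strip())


class BaselineDetector:
    """Learns which parent/child pairs are common across the fleet."""

    def __init__(self, min_hosts: int = 2):
        # A pair is only "known" if seen on at least min_hosts distinct hosts,
        # so a single compromised machine cannot teach the baseline.
        self.min_hosts = min_hosts
        self.pairs: Dict[Tuple[str, str], Set[str]] = defaultdict(set)

    def learn(self, events: List[ProcessEvent]) -> None:
        for e in events:
            self.pairs[(e.parent, e.child)].add(e.host)

    def is_known(self, parent: str, child: str) -> bool:
        return len(self.pairs.get((parent, child), set())) >= self.min_hosts

    def reasons(self, e: ProcessEvent) -> List[str]:
        """Return the list of anomaly reasons for an event (empty if normal)."""
        out = []
        if not self.is_known(e.parent, e.child):
            out.append(f"parent/child pair outside baseline: {e.parent} -> {e.child}")
        if e.parent in DOCUMENT_APPS and e.child in SCRIPT_HOSTS:
            out.append(f"content-rendering app spawned script host: {e.parent} -> {e.child}")
        return out


def detect(baseline_lines: List[str], live_lines: List[str],
           min_hosts: int = 2) -> List[Tuple[ProcessEvent, List[str]]]:
    """Train on baseline telemetry, then return (event, reasons) for anomalies."""
    det = BaselineDetector(min_hosts)
    det.learn([parse_event(l) for l in baseline_lines])
    alerts = []
    for line in live_lines:
        e = parse_event(line)
        r = det.reasons(e)
        if r:
            alerts.append((e, r))
    return alerts


if __name__ == "__main__":
    for event, why in detect(BASELINE_LINES, LIVE_LINES):
        print(f"[ALERT] {event.host}: {event.parent} -> {event.child} ({event.cmdline})")
        for reason in why:
            print(f"         - {reason}")
```

The two heuristics are deliberately independent: the baseline catches anything the fleet has never done before, regardless of what the exploit is, while the document-app-to-script-host rule catches a well-known post-exploitation shape even on a host whose baseline is noisy. In practice both produce false positives on a real fleet, which is why the article's point stands: the tooling surfaces anomalies, and an analyst still has to triage them.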

Patch and New-Release Policies

Naturally, computer users should make it their policy to apply patches and new releases right away. This measure cannot eliminate risk completely, but it can reduce it by narrowing the entry points from which an attack can be launched.

Zero-Day Exploit Initiatives

On the positive side, some organizations have created zero-day initiatives. These reward people for reporting vulnerabilities, reducing the financial incentive to sell this kind of information on the black market. Some companies, such as Zerodium, will pay ethical researchers millions of dollars for their work, which would hopefully reduce the likelihood of those vulnerabilities being used maliciously.
