Zero-day vulnerabilities are weaknesses in computer software that are unknown to the individuals and organisations interested in patching the deficiency, such as its vendor. Until this undiscovered vulnerability has been effectively mitigated, cybercriminals can potentially exploit the fault, compromising a computer’s data, other devices and even an entire network. An attack directed at a zero-day vulnerability is known as a zero-day exploit, or simply a zero-day attack. These are severe attacks that can be extremely hazardous to enterprises.

The history of the term zero-day

“Zero-day” was originally a term used to count how many days had elapsed since a brand-new software product was officially released. Zero-day software was therefore software that hackers had acquired by breaking into a developer’s device and stealing it prior to its public release. The term was later applied to the actual vulnerabilities that hackers could exploit, and to the number of days a vendor has had at its disposal to resolve them.

Once the vendor discovers such a vulnerability, it will typically suggest workarounds or release a protective patch. The more recently the vendor discovered the vulnerability, the higher the likelihood that no mitigation or security patch has yet been created. Even once a fix exists, not all users install the update containing the patch immediately, if at all, leaving their devices vulnerable to attack in the time between the flaw being discovered and action being taken against it. In a zero-day attack, unless the vulnerability has been resolved inadvertently, the probability that a software user has applied a vendor patch fixing the weakness is zero, leaving the exploit readily available.

Watering hole attacks

Zero-day vulnerabilities in browsers and other forms of software are a common cause of websites becoming infected with malicious software and viruses. One particularly insidious threat that can result from a zero-day vulnerability is a watering hole attack. This type of attack starts with cybercriminals researching and locating a website that is used frequently by personnel at the organisation they are targeting, or within a specific industry or sector, such as defence or healthcare. The website is then compromised using a zero-day attack, allowing the hackers to infect it with malicious software.

After identifying the weaknesses that exist in the target organisation’s cybersecurity protocols and protective measures, the hacker who controls the watering hole site manipulates it to deploy malware designed to exploit those vulnerabilities. Because the target organisation trusts the watering hole site, its users may download infected attachments without ever realising the threat they contain. The most common form of malware delivered is the Remote Access Trojan (RAT), which gives attackers remote access to the target’s systems.

Fortifying your firm’s security

The secure platform from Galaxkey has been developed to provide a safe environment for enterprise staff to operate in and perform their roles. Packed with easy-to-adopt security features and innovative tools, it delivers effective protection against cybercrime. Contact our team today to book an online demonstration.