Email Security

    Zero Day Exploits Explained

    There are literally hundreds, if not thousands or approaches cyber criminals can use to exploit your IT infrastructure and access sensitive data.

    by Boris Vaynberg

    Once an exploit is discovered it can be dealt with using signature-based technologies that scan for that signature and apply the appropriate measure to prevent its impact. 

    But how do you deal with a cyber attack that hasn’t been seen before by your security vendor? Specifically, how do you deal with the first occurrence of a new cyber attack? These “first occurrences” are known as a zero-day threat.

    According to technopedia, a zero-day threat is:

     “A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

    Attackers exploit zero-day vulnerabilities through different vectors. Web browsers are the most common, due to their popularity. Attackers also send emails with attachments exploiting software attachment vulnerabilities.”

    The good news is that zero-day exploits have a shelf life of as long as it takes for the industry (read security vendors) to discover it, forensically diagnose how it works and then apply a fix to their solutions in the way of a software patch, a signature update or an update to their cloud services.

    The bad news is that the “vulnerability window” can sometimes be hours or even days, when it only takes minutes or even seconds for that zero-day exploit to wreak havoc to your organization’s productivity, profitability and reputation.

    Cyber Espionage?

    According to Kim Zetter in a Wired article titled “Hacker Lexicon- What Is A Zero Day?”:

    “Zero day vulnerabilities and exploit codes are extremely valuable and are used not only by criminal hackers but also by nation-state spies and cyber warriors, like those working for the NSA and the U.S. Cyber Command.” 

    Sounds like a Hollywood movie, doesn’t it?  The sad part is that life imitates art and art imitates life more often than not when it comes to cyber attacks and the depth and breadth of impact hackers can accomplish by just creatively exploiting something previously unknown.

    Learn more about how to build cyber resilience against zero-day attacks here.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page