Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
Understanding Zero-day Exploits: Protect Your Systems Now
Cybersecurity Fundamentals
Cybersecurity Threats
Top Ways to Detect Risk
Fraudulent Device Detection
Impossible Travel 101
Why Adopt SOAR in Business?
Top Ways to Mitigate Risk
Expand All | Collapse All

What Is a Zero-day Exploit?

 

You may have heard about zero-day exploits, but what are they, and why do they occur? An attack begins with a vulnerability that the manufacturer or vendor doesn’t know about. This flaw can be in software programs, operating systems, hardware devices, connected services, IoT devices, and more. When exploited by a hacker, these weaknesses can cause major problems for individuals and large corporations.

 

When a hacker learns of a vulnerability, they can create an exploit (malicious program) to take advantage of the flaw. When they run the exploit against the targeted system, it can be called a zero-day attack because the vendor didn’t know about it and its programmers had zero days to fix it. 

 

It’s also possible that a potential hacker chooses to disclose the vulnerability to the manufacturer, usually in exchange for recognition, a bounty, or both. 

 

graphic titled What Is a Zeroday Exploit shows a flow from a vulnerability depicted with a hooded hacker to an exploit with a computer screen an attack with a red alert on a screen and then to day zero with a zero on a calendar

 

Vulnerability: A hacker finds a vulnerability and doesn’t tell the vendor. 

Exploit: The hacker creates a malicious program. 

Attack: The hacker releases the program into the vulnerable system.

Day zero: The day the vendor finds the problem and starts working on a patch.

 

It all starts with a vulnerability

As mentioned above, a vulnerability is unknown to the developer or vendor. It’s a flaw inside software programs, hardware devices, connected services, or operating systems that allows an attacker to perform actions that are beyond the scope of their permissions. When this security hole remains unknown to the manufacturer or publisher, hackers can develop an exploit and use the flaw as an entry point to attack the vendor or its customers.

 

A graphic titled It All Starts with a Vulnerability shows five key locks with the middle one unlocked and the others locked

 

Until the vendor creates a patch to fix the flaw, it continues to be called a zero-day vulnerability. When it does become known by the vendor, they must work quickly to fix it to minimize any possible damage. Once a patch is created, it is no longer considered a zero-day.

 

EXAMPLE: Denny is a hacker who found a bug in the most current version of Apple’s iOS. No one, not even Apple, knows about the bug. He studies it to figure out a way to exploit it. Being able to break into iOS is a hacker’s dream because it could give them the power to take over an iPhone remotely without the owner’s permission, pinpoint the owner’s location, get access to telephone calls, read text messages, or spy on the owner with the iPhone camera and microphone. 

 

What is the impact of the attack?

The damage an attack can cause is proportional to the type of victim that is affected. It could have a minor impact on a single individual that goes no further than one streaming account. Or it could have a major impact by targeting a corporate employee who has access to classified documents and compromise the entire corporate network.

 

Once the exploit is written, hackers can con people into downloading it by getting them to open an infected document in a phishing email or by visiting an infected website where the malicious zero-day exploit program automatically downloads to their system. Attacks can capture login credentials, access bank accounts, extract information needed for identity theft, install ransomware, or acquire personally identifiable information (PII).

 

Attacks can also:

 

  • Trick users into downloading an infected document that installs spyware

  • Gain access to corporate resources using the victim’s hijacked credentials

  • Elevate corporate permissions within a corporate network

  • Deface assets the victim may be an administrator for  

 

Who is behind an attack, and why do they do it?

There are several different groups of people who routinely perform these kind of attacks: 

 

  • Cybercriminals

  • Corporate spies

  • Governments

  • Cyber warfare experts

  • Hackers for political causes (“hacktivists”)

 

The exploit can be sold on the dark web, to a broker, or to a spy agency or government to monitor their enemies (or even their citizens). 

 

Why attacks are getting more common

Keeping corporate and personal systems safe and secure from hackers gets more challenging every day. Because of the proliferation of connected devices and the increase in distributed teams, attacks are no longer a rare occurrence. The increasing attack surface has led to an increase in known vulnerabilities over time, as shown by this data.

 

Hackers have many attack vectors to choose from. Many people own a smartphone, a laptop, and a tablet in addition to a work computer that they use remotely, and many companies manage multiple applications across their employee population. Because of this, staying protected from this kind of attack is difficult. Hackers are out there looking for vulnerabilities, and when they find one, they can take advantage of it before anyone else knows about it. 

 

Once the vendor discovers the flaw, they can issue a patch and solve the problem. But the hacker may have already done damage. 

 

Stay alert

Sometimes, people or corporations don’t take the time to update systems or software. Don’t let that happen to you. Remember to be proactive. Keep an eye out for new releases, updates, and patches that come your way. And most important, install comprehensive software that protects against known and unknown threats.

 

Start Today

Contact Sales

sales@pingidentity.com

See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.