What Is a Zero-Day Exploit? The Top 5 Types

SoftwareLab Blog

BY: Tibor Moes / Updated: February, 2019

What is Zero-Day?

Zero-day is a term that refers to previously unknown and/or undocumented IT issues. It can refer to software and system vulnerabilities, as well as viruses, worms, malware, and attacks that exploit those vulnerabilities in order to take control of target computers and networks. Read on to learn about the biggest recorded zero-day attacks and the best ways to stay safe.

What you will find out in this article: 

  1. What Is Zero-Day?
  2. What Types of Zero-Day Exploits Exist?
  3. How to Detect a Zero-Day Attack?
  4. How to Protect Against Zero-Day Attacks?

Hackers can use zero-day exploits to install malicious software on your computer and take control of your files and personal data. Don’t take your internet security for granted. Read our comparison of the best antivirus software to stay protected online.

Tibor Moes

Founder, SoftwareLab

Zero-Day Exploit

No piece of software is perfect. Even if it excels at what it’s supposed to do, there may be some security vulnerabilities hidden in the code. Although software developers usually work overtime to solve any underlying issues, hackers are often faster at identifying security flaws and taking advantage of them. They can exploit these flaws to launch the so-called zero-day attacks against computers and networks, and not even the finest cybersecurity solutions may be able to ward them off.

What is Zero-Day?

In computing, the term zero-day (often stylized as 0-day) refers to the first day that some issue is known or anticipated. The term is also used as a benchmark, seeing as most security teams tend to keep track of the time that has passed between the day that an IT-related problem was discovered and the day that it was resolved. As such, zero-day refers to the day that they first started addressing the issue at hand. The term is most often used to describe certain cybersecurity threats – viruses, vulnerabilities, and attacks.

A zero-day virus is a cybersecurity term used to describe a virus that has just been discovered and that can’t be detected and/or removed by existing antivirus software. Similarly, zero-day malware refers to newly-discovered malicious software that needs to be researched and addressed quickly. There are also zero-day worms, which can be either metamorphic (those that have their entire code changed with each new release to avoid detection) or polymorphic (those that only have one part of their code changed).

Regardless of the type, any newly discovered and currently unaddressed cybersecurity threat can be referred to as a zero-day exploit. As the name suggests, these threats achieve their effect by identifying and exploiting security flaws in applications, systems, and networks that haven’t yet been identified, documented, and reported to the public by cybersecurity experts. Most often found in newly released or recently updated pieces of software, these flaws are commonly referred to as zero-day vulnerabilities.

Many use the terms zero-day exploit and zero-day vulnerability interchangeably, even though there is a major difference between the two. Because it refers to cyber threats, a zero-day exploit is inherently malicious. In fact, it is often referred to as a zero-day attack and no cyber attack is benevolent. On the other hand, the term zero-day vulnerability is neutral, seeing as it can also refer to software flaws that security experts have uncovered and fixed before hackers have had time to identify and exploit them.

What Types of Zero-Day Attacks Exist?

In recent years, zero-day attacks have become particularly common. According to 2016 statistics, zero-day exploits made up more than one-third of all malware attacks in the world. This threat targets all internet-connected devices, regardless of whether they belong to private or business users. Some of the biggest zero-day attacks in the last few years include the following:

  1. Stuxnet

Discovered in 2010, Stuxnet was one of the first zero-day exploits to make tech headlines. Exploiting zero-day vulnerabilities found in Windows software, this computer worm was notable for targeting digital equipment that controls the production of enriched uranium, which is used to power nuclear weapons. Although the authors of Stuxnet are still unknown, it is believed that it was launched by the U.S. and Israeli intelligence agencies with the aim of derailing Iran’s efforts to develop a nuclear weapon.

  2. The Sony Zero-Day Attack

In 2014, a group of hackers believed to have ties to North Korea carried out a zero-day attack against Sony Pictures Entertainment, one of the six major film studios in Hollywood. The exact vulnerability that the hackers exploited remains unknown, but their attack resulted in thousands of pages of stolen contracts, business plans, scripts, and even full copies of five unreleased, award-seeking movies. Most notably, the hackers obtained thousands of private emails written by the studio’s top executives.

  3. The DNC Zero-Day Attack

Perhaps the most notorious zero-day attack occurred in 2016 when a group of Russian hackers exploited at least six zero-day vulnerabilities in programs like Flash and Java to hack the Democratic National Committee. The hackers obtained numerous private emails sent and received by well-known political figures, including the then-presidential candidate Hillary Clinton. All stolen information, including a long list of donors to the DNC, was published on WikiLeaks, as well as the newly created DCLeaks website.

  4. The 2017-2018 Microsoft Zero-Day Exploits

In 2017 and 2018, hackers identified numerous zero-day vulnerabilities in Microsoft Office. Despite Microsoft’s attempts to fix the issues, the hackers kept finding ways to bypass the security patches and launch attacks. One of them used the FELIXROOT backdoor, a type of malware, to launch a cyber espionage campaign against mainly Ukrainian targets. Since it was distributed via Russian-language Rich Text Format (.rtf) documents, it is thought that the Russian government was responsible for the attack.

A few months after the FELIXROOT attack, in August 2018, a Twitter user claiming to be a cybersecurity analyst discovered a zero-day vulnerability in the 64-bit version of Windows 10. This information was publicly available, which means that hackers could access it and exploit this vulnerability to target computers running this operating system. What’s more, the fact that it took Microsoft a whole week to release a security patch gave hackers plenty of time to carry out attacks.

  5. The BuggiCorp Zero-Day Exploit Sale

In 2016, a user known as BuggiCorp advertised the sale of a major zero-day exploit on a Russian web forum specializing in the selling of cybersecurity information. Priced at $90,000, the exploit was alleged to be able to take advantage of a local privilege escalation vulnerability in all versions of Microsoft Windows, including Windows 10, the latest version of the operating system released the year before.

The seller claimed that if the exploit was activated, it could affect as many as 1.5 billion computers around the world. It is unknown if any cybercriminal has bought the exploit. All that is known is that the seller originally priced the exploit at $95,000, only to later slash the price to $90,000 and then $85,000. Some cybersecurity media outlets saw this as a sign that the seller of the exploit couldn’t find a buyer.

How to Detect a Zero-Day Attack

Because zero-day vulnerabilities are software-specific, there is no way for individual users to detect them unless they possess immense coding skills and decide to look closely at the source code in search of security flaws. Programmers and security teams, on the other hand, can employ one of the following techniques to detect zero-day attacks and take steps to neutralize them:

  • Statistical Method – This method relies primarily on data from previously identified exploits that targeted the same system. Security experts use various machine learning techniques to gather the data and establish a baseline of normal system behavior. Any deviation from that baseline is treated as a red flag.
  • Behavioral Method – This method focuses on the way a known piece of malware interacts with its target. Rather than focusing on the actual content of incoming files, this technique examines their interaction with the system to predict whether that interaction is normal or the result of possible malicious activity.
  • Signature Method – Every single cyber threat, be it a virus, a worm, or a piece of malware, has a unique signature that antivirus software uses to detect it. By definition, zero-day exploits are unknown, which means that they don’t have a signature. However, security experts can employ machine learning to develop new signatures based on previously identified exploits and use them to possibly detect future zero-day attacks.
  • Combined Method – As the name suggests, this method is a combination of the three methods outlined above. Although more complicated than any of the individual techniques, this method should deliver the most accurate results.
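As an added illustration (not code from the original article), the four methods written as minimal detectors run over constructed process-launch telemetry; every process name, hash, count and the hourly baseline below is made up for the example. The signature detector only catches the known hash, the behavioral detector catches an Office application spawning a shell regardless of file hash, and the statistical detector catches an unusual burst of launches that matches no rule at all.

```python
import statistics
from collections import Counter

# Constructed sample telemetry (parent process, child process, child file hash).
# Every process name, hash and count below is made up for this example.
NEW_EVENTS = [
    ("winword.exe", "cmd.exe", "h9"),           # Office app spawning a shell
    ("explorer.exe", "chrome.exe", "h3"),
    ("explorer.exe", "dropper.exe", "bad0"),    # hash is on the known-bad list
] + [("winword.exe", "rundll32.exe", "h7")] * 12  # unusual burst of launches

# Constructed baseline: child launches per parent in each of the last 12 hours.
BASELINE_HOURLY = {
    "winword.exe":  [0, 1, 0, 2, 1, 0, 1, 1, 0, 2, 1, 0],
    "explorer.exe": [5, 6, 4, 7, 5, 6, 5, 4, 6, 5, 7, 5],
}
KNOWN_BAD_HASHES = {"bad0"}                     # placeholder signature list
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}


def signature_alerts(events):
    """Signature method: known file hashes only; misses anything never seen before."""
    return [f"signature: {c} ({h})" for _, c, h in events if h in KNOWN_BAD_HASHES]


def behavioral_alerts(events):
    """Behavioral method: judge the interaction with the system, not the file content."""
    return [f"behavior: {p} -> {c}" for p, c, _ in events
            if p in OFFICE_APPS and c in SHELLS]


def statistical_alerts(events, baseline=BASELINE_HOURLY, z=3.0):
    """Statistical method: flag a parent whose launch count in this window exceeds
    mean + z * stdev of its baseline (stdev floored at 1.0 so a quiet parent
    cannot trip the alarm on a single launch)."""
    alerts = []
    for parent, count in Counter(p for p, _, _ in events).items():
        history = baseline.get(parent, [0] * 12)   # unseen parent: assume it is quiet
        mean = statistics.mean(history)
        limit = mean + z * max(statistics.pstdev(history), 1.0)
        if count > limit:
            alerts.append(f"statistical: {parent} launched {count} (limit {limit:.1f})")
    return alerts


def combined_alerts(events):
    """Combined method: union of the three detectors, each alert tagged by its source."""
    return signature_alerts(events) + behavioral_alerts(events) + statistical_alerts(events)
```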

How to Protect Against Zero-Day Attacks

Since zero-day attacks exploit previously unknown software and system vulnerabilities, there is no way to prevent them. However, there are some things that you can do to avoid falling victim to a zero-day attack. For one, you should regularly update all the applications that are installed on your computer. If you’re no longer using some programs, it is always better to remove them from your computer than to keep outdated software and potentially expose your system and files to hacker attacks.

It is also essential that you use the best antivirus software to keep your computer safe. As with most other cyber threats, hackers can use zero-day exploits to install spyware, ransomware, and other types of malicious software on your computer. A good antivirus program will detect all those threats and remove them from your computer. What’s more, it will provide real-time protection against all other cyber threats and perform automatic background scans without slowing down your computer.

Your firewall also plays a crucial role in warding off zero-day attacks. Although some operating systems have built-in firewalls, some of the best antivirus programs come with advanced firewall features that provide optimal protection at any given time. In addition to the firewall, remember to enable regular database and virus definition updates, thus ensuring that your computer is safe from the latest threats.