[WEBINAR] Fast Analytics for Big Data and Small

Zero-Day Threat

Definition - What does Zero-Day Threat mean?

A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

Attackers exploit zero-day vulnerabilities through different vectors. Web browsers are the most common, due to their popularity. Attackers also send emails with attachments exploiting software attachment vulnerabilities.

A zero-day threat is also known as a zero-hour attack or day-zero attack.

Techopedia explains Zero-Day Threat

Zero-day exploits are often put up by renowned hacker groups. Typically, the zero-day attack exploits a bug that neither developers, nor the users, know about. Indeed, this is exactly what the malicious coders anticipate. By discovering a software vulnerability before the software's developers do, a hacker can make a worm or virus that can be used to exploit the vulnerability and harm computers.

Not all zero-day attacks actually take place before the software developers discover the vulnerability. In certain cases, the developers discover and understand the vulnerability; however, it may take some time to develop the patch to fix it. Also, software makers may occasionally postpone a patch release to avoid flooding users with several individual updates. If the developers find that the vulnerability is not extremely dangerous, they may decide to postpone the patch release until a number of patches are collected together. Once these patches are collected, they are released as a package. However, this strategy is risky because could invite a zero-day attack.

Zero-day attacks occur within a time frame, known as the vulnerability window. This extends from the first vulnerability exploit to the point at which a threat is countered. Attackers engineer malicious software (malware) to exploit common file types, compromise attacked systems and steal valuable data. Zero-day attacks are carefully implemented for maximum damage - usually in the span of one day. The vulnerability window could range from a small period to multiple years. For instance, in 2008, Microsoft revealed an Internet Explorer vulnerability that infected a few versions of Windows released during 2001. The date in which this vulnerability was initially discovered by the attacker is unknown, but the vulnerability window in such a case might have been as much as seven years.

Share this: