
What Is a Zero-Day Attack?

Zero-day attacks take advantage of software flaws that are unknown to the software’s developers to target victims without prior warning. These attacks grow more common every year, so it’s important to know the risks. Here, we’ll discuss zero-day exploits and vulnerabilities, examine some examples, and learn how dedicated antivirus software like Avast One can keep you safe.

Written by Anthony Freda
Published on February 4, 2021

What is a zero-day vulnerability?

A zero-day vulnerability is a newly discovered software security flaw that hasn’t been patched, because it remains unknown to the software’s developers. Developers learn about a zero-day vulnerability only after such an attack happens — they had “zero days” of advance warning to patch the vulnerability before the attack hit.


    What is a zero-day exploit?

    A zero-day exploit occurs when hackers take advantage of a vulnerability, often by creating special malware, called zero-day malware. As soon as a hacker identifies a software vulnerability, they’ll begin working on an exploit to target these newly discovered security holes.

    At this point, the race is on — can the hacker exploit the vulnerability before software developers discover it on their end and issue a fix? After a zero-day exploit is found, developers scramble to identify the breach, figure out what happened, and create a patch to neutralize the exploit before more attacks occur.

    Why is it called a zero-day attack?

    A zero-day attack happens when someone exploits a software vulnerability that’s unknown to developers or the public at the time of the attack. It’s called a “zero-day” attack because developers had zero days to fix the flaw before the vulnerability was exploited or made known to the public.

    Patching zero-day vulnerabilities can take a long time. Microsoft and other major software developers roll out patches only about once a month. The less frequently you update your software (or, perhaps, the less frequently updates are made available for critical software), the more vulnerable you are to security breaches.

    Why are zero-day attacks so dangerous?

    Zero-day attacks are a major threat because there’s no “cure” until a patch is released, and this can take a while. You could be using software that might not be fixed for weeks or even months. And many people are slow to update their software even after a patch is released.

    During this time, attackers are unrelenting as they try to target as many people as possible before a patch rolls out. This can put your personal data at an even higher risk than normal.

    Minimize your security risks by always updating your software as soon as patches are available. And don’t rely on patches alone — with a strong antivirus from a provider you trust, you’ll get 24/7 protection against malware, hacking, and a wide range of other online threats. Try Avast One today.

    How do hackers become aware of zero-day vulnerabilities?

    Because zero-day attacks happen before anyone else knows that there’s anything wrong, how are zero-day vulnerabilities discovered in the first place? In other words, how does a hacker become the first person to find a security flaw?

    One way is with a process called fuzzing, which involves feeding a program large amounts of malformed or unexpected input and observing how it responds. Overloading programs often crashes them, and sometimes that crash results in unexpected behavior: the overloaded program might run code it isn't supposed to. If the hacker can supply that unintended code and get it to run, then they’ve found an exploit.
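As an added example (not Avast's code), here is a minimal mutation fuzzer run against a constructed, deliberately buggy record parser and against a hardened version of the same parser. It shows the developer-side use of the technique described above: mutated inputs that crash the buggy parser are recorded for investigation, while the fixed parser rejects the same inputs cleanly. The parser format, the function names and the seed input are all constructed for this example.

```python
import random
SEED = b"\x03abc\x02de"  # constructed valid input: records "abc" and "de"

def parse_records(data):
    """Toy parser (constructed): a one-byte length, then that many bytes.
    Bug: it trusts the length field, so an overlong length raises IndexError."""
    records, i = [], 0
    while i < len(data):
        length = data[i]
        record = bytearray(length)
        for k in range(length):
            record[k] = data[i + 1 + k]  # bug: no bounds check before reading
        records.append(bytes(record))
        i += 1 + length
    return records

def parse_records_fixed(data):
    """Hardened parser: validates the length and raises ValueError instead."""
    records, i = [], 0
    while i < len(data):
        length = data[i]
        if i + 1 + length > len(data):
            raise ValueError(f"record at offset {i} overruns the buffer")
        records.append(bytes(data[i + 1:i + 1 + length]))
        i += 1 + length
    return records

def mutate(seed, rng):
    # One random mutation: overwrite a byte, cut the tail, or insert a byte.
    data = bytearray(seed)
    op = rng.choice(("flip", "truncate", "insert"))
    if op == "flip":
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == "truncate":
        del data[rng.randrange(1, len(data)):]
    else:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    return bytes(data)

def fuzz(target, seed, iterations=2000, rng_seed=1):
    """Return the first mutated input that caused each unexpected exception."""
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue  # rejected cleanly by the parser: not a crash
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, sample)
    return crashes
```

Running `fuzz(parse_records, SEED)` returns a dictionary keyed by `IndexError` holding the first crashing input, while `fuzz(parse_records_fixed, SEED)` returns an empty dictionary.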

    Another way to find these flaws is to study and analyze earlier ones. Cybercriminals look at previous software exploits and try to adapt them to new programs or situations. They also break down what goes into the latest security patches or signature updates for antivirus software to hunt for any exploitable flaws.

    Some hackers learn about vulnerabilities by paying other hackers for the intel. The person who finds the zero-day vulnerability may want to sell that knowledge instead of exploiting it themselves. Zero-day vulnerabilities are traded and sold between hackers on the dark web.

    Software vulnerabilities are like open windows that hackers can exploit to deliver malware. Hackers scour the web looking for vulnerabilities to exploit.

    Software developers themselves also use these methods to try to find vulnerabilities in their own software. But imagine a scenario where an attack happens before the vulnerability is known. In these situations, how are zero-day attacks discovered?

    Zero-day exploit detection

    The longer a zero-day attack remains undetected, the longer the hacker can continue attacking, and zero-day exploits are often hard to detect. Developers look out for the following warning signs of a zero-day exploit.

    • Strange software behavior. Software vendors analyze how programs responded to previous exploits and try to detect similar behavior in other programs. Patterns emerge in hack attempts, like a conspicuous series of strange commands leading up to code execution. If these are detected, it might mean an attack is happening.

    • Statistics of unsafe computing. When data moves at the same pace or volume as it did during a previous attack, something might be wrong. Attacks are more likely to happen the day after a major security update is released, and this is a variable that plays into this mode of detection.

    • Signatures of past security patches. Developers can look at the signatures for previously exploited vulnerabilities. They’re like fingerprint samples — characteristics are bound to show up again elsewhere. Developers can then scan for these deficiencies and remove them.

    Each of the above techniques has blind spots, though, which is why they’re often used in concert.

    Since attacks can come through so many different hidden avenues, a broad defense might be the only thing keeping an attack from targeting and getting to you. Avast One is built on top of powerful threat-detection technology that monitors your device in real time to detect any signs of an attack. It’ll keep your system safe and instantly block hackers from installing malware on your computer or phone.

    How common are zero-day attacks?

    Zero-day attacks were the most common type of malware in 2019, and trends indicate that their prevalence will only grow.

    Zero-day vulnerabilities are hot-ticket items and difficult to find, motivating hackers to search carefully for them. Unused zero-day exploits can sell for hundreds of thousands of dollars. So an attack is going to be milked for all it’s worth.

    Zero-day exploits have become lucrative in three separate markets:

    • The black market is where criminal activity takes place. Hackers steal personal information such as credit card numbers to use or sell on the dark web.

    • The white market involves benign hackers who find zero-day vulnerabilities (as happened with this Windows vulnerability) and show them to the vendor, possibly receiving a reward.

    • The grey market is military-based, with exploits being sold or used for espionage, surveillance, and technological warfare.

    Who is most vulnerable?

    The main targets of zero-day attacks are businesses, organizations, and institutions. Cyberterrorists might use a zero-day exploit to disrupt the operations of an arms manufacturer or gain access to confidential information. In other words, zero-day exploits often involve large-scale attacks that don't affect everyday people. 

    But this doesn't mean that you’re that much safer as a private individual. In non-targeted zero-day attacks, a flaw in widely used software like iOS is exploited to hit as many unsuspecting people as possible.

    The more widely used a piece of software is, the more that hackers will try to break into it. While you probably aren't harboring national security secrets in your email account, you might get caught up in an attack where hackers are targeting as many people as they can. The longer a list of credit card numbers, the more valuable the list. 

    Even if you’re using only personal devices, the risks and dangers can still be substantial.

    Examples of past zero-day attacks

    Stuxnet is a computer worm that uses a rootkit, and it dealt a considerable blow to Iran's nuclear program in 2009 by exploiting vulnerabilities in a piece of software that many of us use every day: Microsoft Windows. That's right — the operating system that allows us to send email and browse the web all day was manipulated to destroy nuclear centrifuges and cause geopolitical unrest. If that sounds wild, it's because it is. 

    Sony Pictures was the target of a zero-day attack in 2014 when they suffered a massive leak of unreleased content and sensitive personal information. Not only that, but entire corporate systems were erased, resulting in millions of dollars in damages. 

    Those attacks don’t concern us, right? Unfortunately, the zero-day exploit list isn’t limited to corporate and government targets. Let's look at a zero-day attack example that directly affected average people like you and me.

    In 2017, Microsoft Word was hit with a zero-day exploit that compromised personal bank accounts. The victims were everyday people who unknowingly opened a malicious Word document. The document displayed a “load remote content” prompt, showing them a pop-up window that requested external access from another program.

    When a victim clicked “yes,” the document installed a dangerous bit of malware called Dridex on their computer. Once this happened, Dridex could tell when the victim was logging into their bank account and capture their login credentials. 

    It’s not all bad news — the party with the most power to prevent these attacks is you. As we saw in the Microsoft Word attack, victims needed to actually take an action (click a button) before the infected document could install the malware onto their computer. 

    Now let's take a closer look at how to prevent zero-day attacks.

    Defense against zero-day attacks

    Since zero-day attacks happen without warning, the best zero-day attack prevention strategy includes these four preventative measures:

    • Always update your software.

    • Practice smart internet safety (and website safety) habits.

    • Use a secure and private browser, and strengthen your browser security settings.

    • Use reliable antivirus software.

    By detecting and blocking malware and other threats, a top-tier anti-malware tool can help guard against zero-day attacks. Avast One uses a heuristic protection model, which means that it scans for common attack patterns or signatures to identify potential threats.

    And Avast One automatically updates to protect against new threats as they emerge. That way, you’re kept safe even against brand-new zero-day exploits.

    Keep your security software and patches updated

    Zero-day attacks are only as effective as you are vulnerable to them. Updating your software whenever new security patches are released will protect you against any exploits that target older software versions. This goes for your operating system as well as any programs and apps you use.

    The window for a zero-day attack is already dangerously long, since the software developer needs time to find and patch the security flaw. So the last thing you want is to extend that window of time and further increase your risk by not installing the patch quickly.

    Of course, you can’t, by definition, immunize yourself completely against zero-day threats. But with a strong antivirus defense, you’ll know immediately when it’s time to update your software. 

    Avast One automatically detects outdated software on your device, and updates itself automatically to protect against newly discovered threats. That means you’ll never have to worry about your cybersecurity solution becoming obsolete.

    Organizations, too, must do their part to protect against zero-day attacks. Cybersecurity teams should be up-to-date on the latest vulnerabilities and actively look for them through penetration testing and other methods.

    Adopt better online security habits

    Internet security rule number one: If something seems or looks suspicious, don't click on it.

    • Don't click fishy links in emails, no matter who the email is from. If your aunt or nephew has sent you an email about being stranded in Cambodia, they've probably been hacked, and this is a phishing scam. If you get an email about participating in an exciting new venture, it's likely fake. Clicking a strange link could execute malicious code on your computer and lock you out of your email account, among other things. 

    • Avoid clicking advertisements. If something catches your eye from the corner of a webpage, look it up instead of clicking the link directly. The product might be sketchy, and you might find a safer and better alternative with a quick search. In other cases, the product might be fine, but the ad itself might be compromised.

    • Sometimes, online ads can be infected with malware, and when you click, the malware gets installed on your computer. Instead, search for the product yourself so you can head straight to their website. Even better, use an ad blocker to avoid the potential problem altogether. 

    • Ask yourself if what you’re seeing is legit. There are YouTube channels that provide discount codes to all sorts of products. Again, be sure to employ common-sense browsing. Check the comments and the number of likes a video has, and you can tell very quickly if something is amiss. Take a look at the video and its channel and ask yourself, “does this look legitimate?” When in doubt, don't click.

    Rule number two: Limit the amount of personal information you share online. 

    • Don't upload a scan of your passport or driver's license. If you absolutely must, use a VPN or another solution with end-to-end encryption (here’s a rundown of some of the best security apps for iPhone). Don’t be careless with sensitive information.

    • Use only credit cards, and only on secure websites. Debit card numbers offer direct access to your checking account, which is a big no-no. Check the URL to see if the site you’re using is secure. A secure website’s address should begin with “https,” and you should see a green checkmark or a padlock icon in the URL field at the top of your web browser.

    • Use strong passwords without identifying information. Think of a long string of characters with many numbers, as well as upper- and lower-case letters and symbols. Use a password manager or keep your passwords written down somewhere handy and safe.

    Strengthen your browser security settings

    Sometimes common-sense browsing doesn't work, especially when a reputable website is under attack. Use your browser's privacy settings as an extra layer of defense.

    • Block pop-ups.

    • Disable auto-fill and password saving.

    • Try browsing privately.

    • Disallow third-party cookies (with exceptions for trusted sites).

    • Enable automatic updates.

    • Force your browser to ask your permission when a site wants to install an add-on.

    Your browsing experience might not be as fast as you’d like, because you’ll have to manually log in to websites every time you visit them. But better safe than sorry.

    Take steps now to prevent zero-day attacks

    Since zero-day attacks are so unpredictable, there's no way to protect yourself fully. You can't do everything – but you can do a lot more. 

    Avast One not only updates itself automatically as new threats emerge, but it also uses state-of-the-art heuristic detection methods to block and remove unknown malware. That’s why a robust and trustworthy antivirus tool is your strongest defense against zero-day threats.
