Zero-Day Vulnerability

Alessandro Mirani

A large-scale cyber breach is always cause for serious stir. The media and social networks have the opportunity to ride the panic that results from hundreds of thousands of devices suddenly discovering that they are defenseless despite carefully prepared security measures and vulnerability assessments.

In these situations, among posts and articles, it is easy to come across a term that has become stigmatized in computer jargon, and that sums up the emerging threat in one expression: “Zero-Day Vulnerability.”

What is a Zero-Day?

In the digital world, the term Zero-Day is used to describe goods or services that are pirated and distributed on the same day as (or even before) the official launch. The term is thus derived from the fact that, literally, the pirated version is available “zero days” after the original one.

In Cybersecurity, Zero-Day has become a popular term to describe an exploit, i.e., a program and/or methodology that leverages a software vulnerability not yet known to most of the digital population. By extension, attacks and hacking strategies that are developed around a Zero-Day are also called “Zero-Day attacks,” “Zero-Day techniques,” and the like. The use of the term can be confusing, since it refers to events in the area of hacking with different nuances; however, the term has become so common, even in technical language, that it is necessary to know this distinction, which is as obvious to the most experienced as it is subtle to the most inexperienced.

How Zero-Day Attacks Work

In 2022 Google Chrome, a browser used on about 60 percent of devices on the network, reported having fixed 8 Zero-Day vulnerabilities following attacks suffered by its users.

However, the resolution (patching) of a Zero-Day is only the final piece of this type of phenomenon. In the case of a popular system (all the more so if it is the most popular), many attackers have an interest in finding every open and unknown vulnerability in order to obtain a high-impact route into others’ systems with a low risk of detection.

The effectiveness of a Zero-Day is greater the longer the time between its discovery by the attacker and its discovery by the victims. So, as long as a Zero-Day does not become public, attackers have more interest in continuing to exploit it with caution. Once the Zero-Day becomes public knowledge, the people in charge of protecting the attacked systems will try to close the flaw (by developing and installing patches) as quickly as possible, while attackers will try to use the exploit as quickly and effectively as possible. In this second phase, the panic effect and information asymmetry are the best weapons an attacker has at their disposal.

Protecting from a Zero-day

Not giving in to panic and not making hasty decisions is the first and most important level of protection. Zero-Day threats are quite common, and it is necessary to be as prepared for them as possible: a Disaster Recovery plan, clear communication channels and reporting procedures for a Zero-Day have the same effect as fire extinguishers and fire drills in the case of a fire breaking out.

However, it is not advisable to passively accept the occurrence of a Zero-Day. Vulnerability Assessment and Penetration Testing are activities that should be carried out periodically, precisely to identify possible Zero-Days in your systems before a hypothetical attacker does. In addition, building a network structure that limits, or denies, the propagation of malware and other threats within the network is a great way to have an extra chance of containing a Zero-Day, should one occur.

These periodic activities can then be complemented by ongoing ones: monitoring of resources may allow you to identify anomalies. Sudden shutdowns, unexpected events, and changes in performance are indicators that can lead you to identify malicious activity in your systems.

Conclusion

No system can be 100 percent secure from present and future threats, but that does not mean you cannot control and limit the damage of a Zero-Day. A structure suited to withstand these shocks and a team trained to respond dynamically to emergencies can make you more resilient than average when a Zero-Day emerges.
