WHAT IS A ZERO-DAY EXPLOIT?

Zero-day exploit: an advanced cyber attack defined

A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit in the wild that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong. In fact, a zero-day exploit leaves NO opportunity for detection ... at first.

Vulnerability Timeline

A zero-day attack happens once that flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability—hence “zero-day.” Let’s break down the steps of the window of vulnerability:

• A company’s developers create software, but unbeknownst to them it contains a vulnerability.
• The threat actor spots that vulnerability either before the developer does or acts on it before the developer has a chance to fix it.
• The attacker writes and implements exploit code while the vulnerability is still open and available
• After releasing the exploit, either the public recognizes it in the form of identity or information theft or the developer catches it and creates a patch to staunch the cyber-bleeding.

Once a patch is written and used, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away. In fact, it often takes not just days but months and sometimes years before a developer learns of the vulnerability that led to an attack.

 

Anatomy of an Attack - Zero Day

An explanation of zero-day vulnerabilities, how cyber attacks target them, and what you can do to protect your business. (video - 4:05 min)

• Incident?
• Contact
• Chat

Learn More about Zero-Day Exploits

• Zero-Day Danger: A Survey of Zero-Day Attacks and What They Say About the Traditional Security Model 
• Economics of Security Part II: Qualifying the Economic Return From Cybersecurity Solutions 
• Recent Zero-Day Exploits 

Share on FacebookPlus on Google+

SUBSCRIBE MORE CONTENTS