What is a Zero Day vulnerability?

Generally, when the manufacturer or developer of an application or web service discovers a security flaw in their product, they quickly release an update or patch to fix it. But what happens if it is the cybercriminal who finds the flaw before the developer does, and takes advantage of it without the developer or the users being aware? This is what is known as a Zero-Day vulnerability.

As its name suggests, a zero day or Zero-Day vulnerability is a flaw that has just been discovered and for which no patch yet exists: the developer has had "zero days" to fix it. The main threat is that, until the corrective patch is released and users install it on their devices, attackers have a free hand to exploit the flaw. Attacks that use such a flaw are called Zero-Day Attacks.

If we pay attention to news related to cybersecurity or computing, it will not take long to find a related article. A striking case was the WannaCry ransomware, which in 2017 infected a large number of computers by exploiting a vulnerability in the Windows operating system; on each infected computer it encrypted the user's files and demanded a ransom. It is worth noting that Microsoft had already published a patch for that flaw (MS17-010) two months before the outbreak, so by then it was no longer a zero day: WannaCry is above all a lesson about the gap between a patch being released and users installing it, which the advice below also addresses.

How do attackers discover these vulnerabilities?

Cybercriminals spend a great deal of time looking for new ways to carry out their attacks, for example spending hours trying to identify possible flaws in the code of a piece of software, a service or a website. However, the internal structure of a web page or an application is very complex, and finding weak spots in its code is an extremely laborious task for one person.

Let's see, through an example, the steps from the moment a vulnerability is discovered until a patch is produced to fix it:

  1. A software manufacturer has just launched a mobile application that is quickly catching on. Unknown to its developers, the code behind the application contains a flaw: a zero-day vulnerability.
  2. A group of cybercriminals, aware of the app's recent popularity, probe it for weaknesses in its security. Eventually they find the vulnerability, which gives them a way into the application.
  3. The attackers write code or a script that exploits the vulnerability, and they use it for as long as the flaw remains open, that is, until the developer applies a patch to correct it.
  4. As a consequence of the above, users begin to notice the app misbehaving and report the malfunction to the manufacturer. The developers investigate, identify the vulnerability and quickly prepare an update to fix it.

Once the vulnerability is discovered and fixed, it is no longer a zero-day vulnerability. Unfortunately, these flaws are not always found quickly, and it can take days, weeks or even years until the attacks, or their consequences, come to light.

How does it affect us as users?

From the moment the attacker discovers the vulnerability until the manufacturer releases an update to resolve it, the cybercriminal has time to compromise the system's security and install malware, steal data or modify the behaviour of the application or service.

Some examples of malware used in zero-day attacks are ransomware, keyloggers, adware and spyware, among others. In the case of data theft, the attacker's priority is to obtain as many access credentials, emails and pieces of personal information as possible.

One of the favourite targets is the web browser, because of how widespread browsers are and the amount of information they store about users, such as credentials or browsing habits.

For users, the level of threat posed by a vulnerability of this type is very high. First, because the attacker takes advantage of a flaw in the internals of the app or web service, over which we have no control and against which we have no direct means of protecting ourselves. And second, because we can compromise our devices by performing everyday actions, such as using the web browser, visiting a particular web page or merely opening a multimedia file.


How can we protect ourselves?

When it comes to vulnerabilities, the most critical measure we can take to protect our security and privacy is to keep all the protection tools available to us activated. An installed and updated antivirus can mean the difference between an infected device and a contained threat.

Another fundamental measure is to keep all the software we use updated. Updates are not a whim of the developer: they are security patches that fix bugs and close gaps and vulnerabilities that have been discovered, including zero-day ones.

Finally, to add an extra layer of security, we can take stock of the software we have installed and subscribe to the OSI newsletter and current notices. In this way we will be aware of news and threats related to our operating system, programs and apps.
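The two pieces of advice above (keep software updated, and know what you have installed so you can act on notices) come together in practice as a simple check: for each program on the machine, is there a known flaw, and if so, does a fix exist and do we have it? The script below is an added example, not OSI or INCIBE code. It matches a constructed software inventory against a constructed list of advisories and separates the two situations that look identical to a user but call for different responses: a flaw with no patch yet (a true zero day, where only mitigations help) and a flaw whose patch exists but has not been installed (where updating closes it). All product names, version numbers and advisory entries are invented for the illustration; a real inventory and a real notice feed would supply the same fields.

```python
"""Added illustration (not OSI/INCIBE code): where does each installed
program sit in the patch window?

Verdicts, from best to worst:
  not_affected    - no advisory covers this version
  patched         - running a version at or above the fix
  patch_available - affected, a fix exists but is not installed
  zero_day        - affected and no fix has been released yet
The inventory, advisory feed, product names and version numbers below
are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Worse verdicts get higher numbers so we can keep the worst one per product.
SEVERITY = {"not_affected": 0, "patched": 1, "patch_available": 2, "zero_day": 3}


def parse_version(text: str) -> tuple:
    """Turn '4.2.10' into a tuple so versions compare numerically
    (as strings, '4.10' would sort before '4.9'). Trailing zeros are
    padded so that '1.9' and '1.9.0' compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * max(0, 4 - len(parts))


@dataclass
class Advisory:
    product: str
    first_affected: str        # lowest affected version, inclusive
    fixed_in: Optional[str]    # None means no patch has been released yet


@dataclass
class Installed:
    product: str
    version: str


def classify(item: Installed, advisories: List[Advisory]) -> str:
    """Return the worst applicable verdict for one installed program."""
    v = parse_version(item.version)
    worst = "not_affected"
    for adv in advisories:
        if adv.product != item.product or v < parse_version(adv.first_affected):
            continue                       # advisory does not cover this install
        if adv.fixed_in is None:
            verdict = "zero_day"           # nothing to install; mitigate instead
        elif v < parse_version(adv.fixed_in):
            verdict = "patch_available"    # the fix exists, we are just behind
        else:
            verdict = "patched"            # already running the fixed version
        if SEVERITY[verdict] > SEVERITY[worst]:
            worst = verdict
    return worst


def report(inventory: List[Installed], advisories: List[Advisory]) -> Dict[str, str]:
    """Map every installed product to its verdict."""
    return {item.product: classify(item, advisories) for item in inventory}


# Constructed sample data: hypothetical products, not real software.
INVENTORY = [
    Installed("examplebrowser", "118.0.5"),
    Installed("examplechat", "1.9.0"),
    Installed("exampleviewer", "2.3.1"),
    Installed("exampleeditor", "7.1.0"),
]

ADVISORIES = [
    Advisory("examplebrowser", "117.0.0", "118.0.2"),  # fix out, and we have it
    Advisory("examplechat", "1.8.0", "1.9.2"),         # fix out, not yet installed
    Advisory("exampleviewer", "2.0.0", None),          # reported, no patch yet
]

if __name__ == "__main__":
    for product, verdict in report(INVENTORY, ADVISORIES).items():
        print(f"{product:16} {verdict}")
```

With the sample data, examplechat is the case the article's advice fixes outright (install the update), while exampleviewer is the genuine zero-day case: there is nothing to install, so the only options are the protection tools and careful use until the vendor ships a fix. Version comparison is done numerically on purpose; comparing version strings lexically is a common way for such checks to go silently wrong.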

In conclusion, as users it is not always in our hands to protect our computers from cyberattacks. Still, we do have the responsibility to keep all protection tools active and to follow the guidelines and good practices available to us, which can make the difference.

From the OSI we encourage you to visit our tools section and, if you still have questions, call us on 017, INCIBE's free cybersecurity helpline. Being informed is our best defence!

Did you know about this type of vulnerability? Do you know of any attacks related to Zero-Day vulnerabilities? Share your opinion and experiences with the rest of the users, and keep up to date with the OSI publications on cybersecurity so you can enjoy the advantages of technology safely.