
A zero-day exploit explained

May 12, 2021

Developers try to build their software so that no attacker can find a vulnerability in it. But what happens when hackers outrun developers? That is what a zero-day exploit is about. Let's look at this kind of software vulnerability attack in more detail.

What is a zero-day vulnerability?

A zero-day vulnerability occurs when hackers manage to exploit a weak spot in a piece of software before developers find it and fix it. Zero-day means that cybercriminals notice a loophole earlier than developers, and the latter have zero days to patch it. If a hacker manages to exploit the vulnerability, it is called a zero-day attack.

The whole zero-day attack sequence can be described as follows:

  1. A developer releases a piece of software with a vulnerability;
  2. Hackers notice the vulnerability and write an exploit code;
  3. Hackers exploit the vulnerability;
  4. Either the developer spots the vulnerability or it surfaces after a security incident;
  5. The developer releases a patch;
  6. The patch is installed by most users of the app.

What makes a zero-day exploit so dangerous?

The amount of time between hackers exploiting a vulnerability and users applying a patch is known as the window of vulnerability. The longer it is, the more time hackers have to cause damage.

Cybercriminals can exploit a wide range of vulnerabilities this way. It could be a lack of encryption, buffer overflow, various bugs, etc. Due to its varied nature, this attack is difficult to predict.

The damage caused by the attack depends on how fast the developer notices the exploit and releases a patch. But even after its release, not all users will upgrade the software simultaneously. Therefore, those users who haven’t immediately downloaded the patch will still be vulnerable.

Most common software vulnerabilities

Here are the software vulnerabilities hackers exploit most often and the techniques they use:

  • Injection flaws. Hackers use an application to inject malicious code into the targeted system;
  • Exposing sensitive data. Software can leak data in its various states (at rest, in transit, in use), letting hackers abuse it (for example, snatch your credentials);
  • Missing or broken authentication. The software either doesn't authenticate users or the authentication is weak. As a result, someone might exploit it to access the system;
  • Missing or broken authorization. Authorization grants users various rights and prevents them from performing actions they are not allowed to perform. If that mechanism is flawed or weak, a cybercriminal can exploit it and gain additional privileges;
  • Cross-site scripting (XSS). An application or website serves malicious script in its HTTP responses. A hacker can inject such code into an app by exploiting a vulnerability;
  • Cross-site request forgery (CSRF). An application can't verify that a request really came from the user, so it trusts unauthorized requests. Attackers usually trick users into submitting requests they didn't intend to;
  • SQL injection. This type of exploit targets data-driven applications. An attacker injects malicious SQL and can extract content from the database;
  • Improper restriction of XML (XXE). XML is a popular data format. In this vulnerability, a piece of software processes XML documents from outside its sphere of control and ends up embedding malicious external documents;
  • Buffer overflow. Many apps are written in languages that are still vulnerable to buffer overflow attacks. The attack takes place when someone writes more data into a buffer than it can hold. The excess overwrites other areas of memory and disrupts the program's activity;
  • Code components with vulnerabilities. Code is hardly ever written from scratch; it includes parts of existing code (libraries, frameworks, or snippets). Those components can contain their own vulnerabilities, which may be harder to discover because you didn't write that part of the code yourself.


Examples of zero-day attacks

Stuxnet

Stuxnet is probably one of the world's most famous cyberattacks. It caused substantial damage to Iran's nuclear program. Stuxnet was malware that targeted machinery and industrial processes, including those responsible for uranium enrichment. The attackers spread it via infected USB devices. The malware bypassed network security and used a rootkit to hide itself.

Heartbleed

Heartbleed is a bug in the OpenSSL cryptography library, which is widely used to implement the TLS protocol. It is a buffer over-read: a program overruns the buffer's boundary while reading data and reads the adjacent memory as a result. Even though developers fixed the bug at the beginning of April 2014, as of May 2020, 1.5% of 800,000 TLS-enabled websites were still vulnerable to it.
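To make the buffer over-read concrete (for both the buffer overflow bullet above and the Heartbleed passage), here is an added example; it is not the blog's code and not OpenSSL's. It models a simplified heartbeat-style record (type byte, declared payload length, payload, padding) inside a fixed buffer; the layout, the buffer size and the leftover "SECRET=hunter2" bytes standing in for adjacent memory are all constructed for the demo. The vulnerable handler copies as many bytes as the peer declared; the fixed handler first checks that the declared length fits inside what was actually received and otherwise discards the record.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption modelled on the shape of the
 * heartbeat message, not OpenSSL's own code):
 *   byte 0     : message type (1 = request)
 *   bytes 1..2 : declared payload length, big-endian
 *   bytes 3..  : payload, then 16 bytes of padding */
#define HB_HEADER   3
#define HB_PADDING  16
#define BUF_SIZE    96
#define MAX_COPY    (BUF_SIZE - HB_HEADER)
#define SECRET_OFF  40   /* where the constructed "leftover" secret sits */

/* Simulated process memory: the received record occupies the front of buf;
 * bytes past record_len are leftovers from earlier use of the buffer, standing
 * in for the adjacent memory a real over-read exposes. */
typedef struct {
    unsigned char buf[BUF_SIZE];
    size_t record_len;   /* bytes actually received for this record */
} record_t;

static const char SECRET_MARKER[] = "SECRET=hunter2";   /* constructed leftover data */

/* Build a record that claims declared_len bytes of payload but really carries
 * strlen(payload) bytes, followed by the padding. */
static record_t make_record(unsigned declared_len, const char *payload) {
    record_t r;
    size_t actual = strlen(payload);
    memset(r.buf, 'x', sizeof r.buf);                                  /* stale bytes */
    memcpy(r.buf + SECRET_OFF, SECRET_MARKER, sizeof SECRET_MARKER - 1);
    r.buf[0] = 1;
    r.buf[1] = (unsigned char)(declared_len >> 8);
    r.buf[2] = (unsigned char)(declared_len & 0xff);
    memcpy(r.buf + HB_HEADER, payload, actual);
    memset(r.buf + HB_HEADER + actual, 0, HB_PADDING);
    r.record_len = HB_HEADER + actual + HB_PADDING;
    return r;
}

/* Vulnerable echo: copies `declared` bytes without checking that the record
 * really contains that many. The clamp to MAX_COPY only keeps this demo inside
 * its own array; the real bug read whatever heap memory happened to follow. */
static size_t heartbeat_vulnerable(const record_t *r, unsigned char *out, size_t out_cap) {
    size_t declared = ((size_t)r->buf[1] << 8) | r->buf[2];
    size_t n = declared;
    if (n > MAX_COPY) n = MAX_COPY;
    if (n > out_cap) n = out_cap;
    memcpy(out, r->buf + HB_HEADER, n);   /* runs past the real payload */
    return n;
}

/* Fixed echo: the record must be long enough to hold header and padding, and
 * the declared length must fit inside what was received. Rejected records are
 * silently discarded (returns 0, copies nothing). */
static size_t heartbeat_fixed(const record_t *r, unsigned char *out, size_t out_cap) {
    if (r->record_len < HB_HEADER + HB_PADDING) return 0;
    size_t declared = ((size_t)r->buf[1] << 8) | r->buf[2];
    if (declared > r->record_len - HB_HEADER - HB_PADDING) return 0;   /* over-read attempt */
    if (declared > out_cap) return 0;
    memcpy(out, r->buf + HB_HEADER, declared);
    return declared;
}

/* Returns 1 if the echoed bytes contain the marker that was never part of the payload. */
static int response_leaks_secret(const unsigned char *out, size_t n) {
    const char *marker = "SECRET=";
    size_t m = strlen(marker);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(out + i, marker, m) == 0) return 1;
    return 0;
}

/* Demo: a record that claims 80 bytes of payload while carrying only "hi". */
static int demo_vulnerable_leaks(void) {
    record_t r = make_record(80, "hi");
    unsigned char out[BUF_SIZE];
    size_t n = heartbeat_vulnerable(&r, out, sizeof out);
    return n == 80 && response_leaks_secret(out, n);
}

static int demo_fixed_rejects(void) {
    record_t r = make_record(80, "hi");
    unsigned char out[BUF_SIZE];
    return heartbeat_fixed(&r, out, sizeof out) == 0;
}

/* An honest record (declared length matches the payload) is still echoed. */
static size_t demo_fixed_honest_len(void) {
    record_t r = make_record(2, "hi");
    unsigned char out[BUF_SIZE];
    return heartbeat_fixed(&r, out, sizeof out);
}

int main(void) {
    printf("vulnerable handler leaks leftover memory: %s\n", demo_vulnerable_leaks() ? "yes" : "no");
    printf("fixed handler rejects the oversized claim: %s\n", demo_fixed_rejects() ? "yes" : "no");
    printf("fixed handler echoes honest payload of %zu bytes\n", demo_fixed_honest_len());
    return 0;
}
```

The single comparison of the declared length against the bytes actually received is the whole defence: a length field that arrives from the network is attacker-controlled input and must be validated against what the program itself knows before it drives a memcpy. Note that the vulnerable version still "works" for honest peers, which is why the bug went unnoticed for so long.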

RSA

In 2011, cybercriminals breached the network of RSA, an American network security company. Hackers exploited a loophole in Adobe Flash Player and spread malware by emailing an infected Excel file to the company's employees. The malware used the player's vulnerability to install a backdoor on a computer and take it over remotely. Hackers managed to steal important SecurID data used by RSA customers to assess their security risks.

How to protect yourself from zero-day attacks

While zero-day attacks can strike unpredictably and appear in many forms, there are a few mitigation methods you should seriously consider:

  • Always perform timely updates of your software. It is the most important advice, as hackers exploit the gap between the discovery of a bug and its patching, which comes with updates. So, the longer you delay an update, the more time you give cybercriminals to attack you;
  • Use good security software. Zero-day attacks often try to inject malware that will disrupt or take over your system. Make sure to use premium security software to detect any malicious activities in your system and stop them in their tracks;
  • Encrypt your most precious data. You should always encrypt your sensitive and confidential data so no one could see it even if they got hold of it. You can use the NordLocker tool to do it safely and easily;
  • Use common sense. Do not download dodgy software, avoid opening attachments or messages you find suspicious, and don’t click on unsafe links or pop-ups. Check NordVPN's CyberSec function for enhanced online protection. And don't forget to protect your traffic with a VPN for more data privacy.

John Sears

John believes that the best things in life are simple. He uses the same approach when he's writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.