If you are concerned about security and IT in general, you have, no doubt, come across the term “zero day”.
It could refer to two things: zero day exploit or zero day vulnerability.
A zero day vulnerability is a vulnerability in a software you are using which the developer or software maker has not yet discovered. A zero day vulnerability is not yet known by the public, but it may be used by hackers to attack you, infect your system with malware, or spread malicious code. Zero day vulnerabilities are often found in browsers and operating systems, and in the most popular software in the market. And because the software vendor is not aware of the security hole, there are no patches or fixes for it.
You also have zero day exploit, which is a piece of code that cyber criminals use to take advantage of the previously unknown vulnerabilities in the software you are using. This code usually plants a virus, a Trojan or malware into your device or computer.
To make it simpler to understand, the term zero day is used because the developer or antivirus companies has had zero days to work on a fix or a patch. And you can liken it to a thief entering your house through an unlocked door. The zero day vulnerability is the unlocked door while zero day exploit is the thief.
Zero day exploits and vulnerabilities used to be very rare. Back in the day, only one or two incidences out of millions investigated and discovered by security firms every month involved a zero day exploit.
But not anymore. It has become more common during the recent years. In fact some of IT’s biggest companies had to deal with it in some of their most popular software. For instance, Microsoft’s Internet Explorer has had several run ins with zero day vulnerabilities, including a time element remote code execution security hole in 2011. Adobe also had to hurry to patch a SWF file remote memory corruption vulnerability in their Flash Player. And just recently, Russian hackers were revealed to have used a previously unknown vulnerability in Windows to spy on the European Union, the Ukrainian government, private energy companies, telecommunication companies in Europe, countries under the European Union, and a host of other companies and governments.
This is because the payoff for zero day exploits are quite large and there is a huge demand for it. Unlike before when only small time cyber criminals and hackers are interested in breaking into your computer, these days, nation states are showing interest. As you can glean from the examples above, hackers use zero day exploits to spy on governments.
What’s more, it can take time for software vendors and manufacturers to detect a zero day vulnerability. Then it would take days, weeks and even months to come up with a fix for it. This means that you have more time to steal information even before you are detected.
What can you do about zero day vulnerabilities and exploits? Call Four Cornerstone today and find out!
Photo by Anonymous Account.
