A "zero-day" exploit is one of the most dreaded security issues that can happen to a piece of software or hardware. The "zero" counts the days the vendor has had to fix the flaw: a zero-day vulnerability is one that is being attacked, or at least is publicly known, before the people responsible for the software or hardware have had any time to ship a patch, and a zero-day exploit is the code or technique that takes advantage of it.
In practical terms, the calendar day doesn't matter. The term describes a situation in which attackers act on a security hole before anyone can patch it, because there simply hasn't been time to close it. Once a fix exists and the race becomes one of applying it, the flaw is no longer a zero-day, though it stays dangerous until every affected system is patched.
Let's unpack the idea of a zero-day exploit and look at what sort of threat this cybersecurity emergency can present.
It's worth taking a second to look at a word in the term you might gloss over: exploit.
In the world of cybersecurity, the term "exploit" has a rather specific meaning. An exploit is a concrete piece of code, a sequence of commands, or a crafted input that triggers a vulnerability and makes a system do something its designers never intended, such as run attacker-supplied code, leak data, or crash. The vulnerability is the flaw; the exploit is the thing that uses it.
Vulnerabilities, and the exploits that target them, are the product of an asymmetry between defenders and attackers. No matter how carefully you design and write your code, you cannot anticipate every possible angle of attack or combination of circumstances, while an attacker only needs to find the one you missed.
Many vulnerabilities are incredibly obscure, but it only takes one person probing the odd corners of a piece of software or hardware to find one. There are far more people poking at systems to see where they are weak than there are people building those systems. Ultimately it's a numbers game.
The exact form of a zero-day attack depends on the vulnerability behind it. If the flaw lets an attacker intercept or tamper with traffic, a man-in-the-middle attack is what's likely to happen. If it is better taken advantage of by self-spreading malware, then a virus or worm it shall be. The entire array of attacker tooling is open for use against a zero-day. It's reasonable to expect that the attacks which are fastest to prepare will appear first.
As you might imagine, the right response depends almost entirely on what precise form the attack takes and which systems it can reach. Let's have a look at what you can do when a zero-day attack happens.
The most important element of any zero-day attack is time: how quickly you become aware of the vulnerability in the first place, how long the vendor takes to release a patch, and how long it takes you to apply it. Every hour between exploitation in the wild and your fix being deployed is an hour of exposure.
It might be worth setting up a Google Alert with keywords such as "zero-day", but a better signal is to subscribe to the security advisory mailing lists of the vendors whose products you actually run, and to a curated feed of vulnerabilities confirmed to be exploited, such as CISA's Known Exploited Vulnerabilities catalog, so that you know as soon as anything is published on new problems.
If you hear about a new zero-day exploit that affects something you use, it's important to act quickly. First, understand the nature of the vulnerability: which product, which versions, which configurations, and whether the vulnerable component is reachable from where an attacker sits. Just because a zero-day exploit exists doesn't mean it's relevant to you.
If the exploit is something that can be used against you, the next step is to see whether you can close or narrow the hole yourself. Vendors will often publish interim mitigations while they work on an official patch: blocking a particular network port, disabling a feature or module, or restricting who can reach the affected service. Apply those, and then confirm that they actually took effect rather than assuming they did.
If there's nothing you can do yourself, the best course of action might be to stop using the affected software or hardware completely. This is always a tough choice because it may be software or hardware that's critical to your work or needs. Depending on the type of software and exploit, you might consider cutting off its network access, or running it in an isolated virtual machine or network segment so that it can neither be reached by nor reach anything that matters.
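As an added example (not code from this article), here is a small Python triage script that walks through the steps above: it checks whether an installed version falls inside an advisory's affected range, flags hosts that are exposed while no patch exists, and renders the vendor's interim "block this port" advice as an nftables command for review. The product "acme-gateway", the hosts, the versions and port 8443 are all constructed for the example and correspond to no real advisory.

```python
"""Zero-day triage helper (added example; not code from the article).

Given a vendor advisory with an affected version range and, for now, no fix,
decide which hosts are actually exposed and what the interim mitigation is.
Product names, versions, hosts and the port are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(version: str) -> tuple:
    """Split '2.4.51' into (2, 4, 51) so comparisons are numeric.

    Plain string comparison ranks '2.4.10' below '2.4.9'; tuples of ints
    do not. A build suffix such as '-r1' simply becomes an extra component.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


@dataclass
class Advisory:
    product: str
    first_affected: str          # lowest vulnerable version
    first_fixed: Optional[str]   # None while no patch exists: the zero-day case
    block_port: Optional[int]    # vendor's interim advice: port to block, if any


def is_affected(advisory: Advisory, installed: str) -> bool:
    """True if the installed version lies inside the advisory's affected range."""
    v = parse_version(installed)
    if v < parse_version(advisory.first_affected):
        return False
    if advisory.first_fixed is not None and v >= parse_version(advisory.first_fixed):
        return False
    return True


def block_port_rule(port: int, proto: str = "tcp") -> str:
    """Render 'block this port' as an nftables command.

    Returned as text for a human to review and run, not executed here:
    an automated firewall change during an incident should still be checked.
    """
    return f"nft add rule inet filter input {proto} dport {port} drop"


def triage(advisory: Advisory, inventory: dict) -> list:
    """Walk {host: {product: version}} and return (host, version, action) rows.

    Hosts that do not run the product, or run a version outside the range,
    are reported as not affected so the negative case is visible too.
    """
    rows = []
    for host, packages in sorted(inventory.items()):
        version = packages.get(advisory.product)
        if version is None:
            rows.append((host, None, "not affected: product not installed"))
        elif not is_affected(advisory, version):
            rows.append((host, version, "not affected: version outside range"))
        elif advisory.first_fixed is None:
            mitigation = (block_port_rule(advisory.block_port)
                          if advisory.block_port else "isolate or stop the service")
            rows.append((host, version, "EXPOSED, no patch: " + mitigation))
        else:
            rows.append((host, version, f"EXPOSED: upgrade to {advisory.first_fixed}"))
    return rows


# Constructed sample data: a fictional flaw in acme-gateway 3.2.0 and later,
# with no fix yet and the vendor advising to block the management port 8443.
ADVISORY = Advisory(product="acme-gateway", first_affected="3.2.0",
                    first_fixed=None, block_port=8443)
INVENTORY = {
    "web-01": {"acme-gateway": "3.4.10", "nginx": "1.24.0"},
    "web-02": {"acme-gateway": "3.1.9"},
    "db-01": {"postgresql": "15.3"},
}

if __name__ == "__main__":
    for host, version, action in triage(ADVISORY, INVENTORY):
        print(f"{host:8} {version or '-':8} {action}")
```

Two details are worth copying into any real version of this: compare versions numerically, since comparing them as strings puts "2.4.10" before "2.4.9" and will quietly mark a vulnerable host as safe, and print the firewall rule rather than applying it, so that the mitigation is reviewed before it changes production traffic. When the vendor later publishes a fixed version, set `first_fixed` and the same script tells you which hosts still need the upgrade.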
If you're ever in a position where you discover an exploit based on an unknown vulnerability, it's vitally important that you treat this information correctly. Most software developers and hardware makers have an official program through which bugs and vulnerabilities can be reported; many also publish a security.txt file (standardised in RFC 9116, served at /.well-known/security.txt) that lists the contact to use. Larger organizations might even pay a bounty.
Getting in contact with those who are in a position to plug the vulnerability is the right thing to do. The last thing you should do is publish the exploit yourself, because leaked exploits are pounced upon by attackers immediately. The usual procedure, known as coordinated disclosure, is to report privately, agree a reasonable deadline with the vendor (90 days is a common convention), and announce details only once the patch has been rolled out, or once the deadline passes without a fix, so that users can at least defend themselves.
Security design and bug testing are getting better each year. Professional penetration testers, fuzzers and code analysis tools are improving the quality of software like never before. That makes the job of those hunting for exploits for malicious purposes much harder. However, there will never be a time when zero-day exploits are not a serious threat. Even if they become very rare, just one can be devastating. So keep your eyes peeled for the next one to leak: it could be a matter of hours between publication and the first victims.