NetworkTigers examines the growing threat of zero-day exploits and unforeseen cybersecurity vulnerabilities that hackers exploit before patches exist. These are some of the most dangerous attacks to defend against.
How do you prepare for something you don’t even realize exists? Zero-day exploits pose unique challenges to cybersecurity experts because, by definition, they are unforeseen until the breach occurs. Unlike phishing or spyware, zero-day exploits succeed because they find a crack in the system that cybersecurity experts have yet to discover themselves. Learning how to combat them is a complex but necessary challenge in today’s cybersecurity landscape, as the rate of zero-day exploits worldwide has only risen from 2019 onwards.
What is a zero-day exploit?
A zero-day exploit is named for the amount of time (zero days) a cybersecurity team has had to fix the problem once an intrusion has occurred. Zero-day exploits prey upon previously undiscovered vulnerabilities to gain access to systems. Zero-day hacks take advantage of issues that most cybersecurity teams do not know about or have not yet shared. Because of this, the hack often reveals a flaw within the system that designers or network managers have yet to discover themselves.
Not all zero-day exploits are revealed immediately by the hackers who discover them. Some exploits are sold on the dark web for large sums of money. Others lurk hidden in systems for months or years before coming to light. Industry competitors may develop some to spy on company networks instead of directly exploiting them for profit or ransom.
How common are zero-day exploits?
Zero-day exploits affect companies at all levels of design and success. For instance, in 2024, Google reported at least four zero-day vulnerabilities that required immediate fixes. The last one, discovered in July (CVE-2022-2294), affected all Windows and Android users and was classified as a high-level threat. The three tech giants Microsoft, Apple, and Google account for just under half of the actively exploited zero-day vulnerabilities tracked by Mandiant throughout 2021 and 2022.
Zero-day hacks were found to be responsible for half of all malware intrusions in 2019, according to WatchGuard’s list of popular kinds of network attacks. That number has been on the rise in recent years, with Mandiant reporting that out of 138 actively exploited vulnerabilities in 2023, 97, or 70%, were classified as zero-days.
Differences between one-day and zero-day vulnerabilities
One-day vulnerabilities, like the infamous Equifax Apache Struts breach, may be embarrassing but are far less dangerous for cybersecurity teams to handle. One-day vulnerabilities refer to issues within software or hardware that are already evident to network managers but have yet to be addressed. One-day vulnerabilities are a known quantity, even though they can still provide access to hackers. Oftentimes, cybersecurity professionals have a patch in the works before an intrusion occurs with a one-day vulnerability. While one-day hacks can cost companies customer faith, they at least give those responsible for addressing the issue a leg up on the solution once a breach does occur.
By contrast, with a zero-day hack, cybersecurity teams must race against a clock that the hackers have started, addressing the intrusion in real time. Because of this, zero-day exploits can wreak havoc as some of the most expensive, messy, and dangerous hacks your team may address. Zero-day exploits can also be PR disasters, as companies must reveal that the issue has occurred before they have a fix available.
Infamous zero-day exploits
Zero-day exploits have the potential to shape developments in cybersecurity on hackers’ terms, as teams must respond defensively to existing threats. Some recent and infamous zero-day exploits include:
- Stuxnet: Not all zero-day exploits are developed by individual hackers or cybercriminal gangs working for personal profit. One of the most well-known zero-day hacks was created by the US government in 2010 to sabotage the Iranian nuclear development program. The Stuxnet worm shaped the conversation about cybersecurity on an international stage by revealing the capability of state actors to discover and exploit previously unknown backdoor issues.
- Zoom: When the world relied on Zoom in 2020, a zero-day vulnerability that allowed hackers to access online meetings caused many users to lose faith in the platform. The term “zoombombing” came into the zeitgeist as many users found their work presentations, school classrooms, church groups, and more disrupted by hackers. The Zoom zero-day vulnerability arguably opened the door to the rise of Google Meet, Microsoft Teams, Slack, Webex, GoTo, Discord, and other video conferencing competitors.
- Apple: Even though Apple confidently advertises its security to users, its iOS platform was compromised in 2020 by two sets of zero-day exploits that allowed hackers remote access to iPhones.
Preparing for zero-day threats in network security
Zero-day exploits are some of the most dangerous attacks because they come seemingly out of left field. However, preparing for them also provides a valuable learning opportunity for cybersecurity teams. Some useful methods to prepare for zero-day threats include:
- Practice “least privilege”. The principle of least privilege restricts access to only the necessities for users. Establishing the principle of least privilege can minimize the damage that hackers can do once they access systems. Segmented network access is a vital protection tool that ensures not all accounts can view and download crucial data.
- Run simulations. Test drive your emergency response as a cybersecurity team regularly, and seek out new scenarios to explore your capabilities. By thinking like a hacker, you may be able to anticipate unknown issues and turn zero-days into one-day vulnerabilities.
- Implement CTEM. Continuous Testing and Exposure Management (CTEM) can detect changes in the threat landscape and help your team mitigate exposures.
- Install a web application firewall (WAF). Firewalls cannot prevent all zero-day exploits, but they can help monitor and regulate traffic. Consider a next-generation firewall that provides packet filtering, anti-virus tech, deep packet inspection, and encrypted traffic inspection.
- Back up data. Zero-day hacks are pressure cookers, and fast decisions must often be made in real time to mitigate damage. Conducting regular backups before threats come to light can help support cybersecurity professionals when they need to make difficult decisions.
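The first item above, least privilege combined with segmented network access, is the one that most directly limits what an attacker can do with a foothold gained through an unknown flaw. The following is an added example, not NetworkTigers’ code, showing one way to model it: a deny-by-default policy in which every role is granted only the segments and actions it needs, a blast-radius check that reports what a compromised account could actually reach, and an audit helper that flags grants a role holds but never uses. The segments, roles and resource names are constructed for illustration.

```python
"""Added example (not NetworkTigers' code): least privilege and segmented
access modelled as a deny-by-default policy, plus two defender-side checks.

Everything here (segment names, roles, resources, the observed-usage set)
is constructed sample data for illustration."""
from dataclasses import dataclass

# Constructed network segments and the resources that live in each one.
# "data-tier" holds the crucial data that not every account should reach.
SEGMENTS = {
    "office-lan": {"printer-queue", "wiki"},
    "app-tier":   {"order-service", "customer-api"},
    "data-tier":  {"customer-db", "payment-db"},
}

# Role -> (segments the role may reach, actions it may perform there).
# There is deliberately no wildcard or fallback entry: anything that is
# not listed is denied, which is what "deny by default" means in practice.
ROLE_GRANTS = {
    "staff":     ({"office-lan"},             {"read"}),
    "developer": ({"office-lan", "app-tier"}, {"read", "deploy"}),
    "dba":       ({"data-tier"},              {"read", "write"}),
}


@dataclass(frozen=True)
class Principal:
    """An account (human or service) and the roles assigned to it."""
    name: str
    roles: frozenset


def segment_of(resource):
    """Return the segment a resource lives in, or None if it is unknown.
    Unknown resources are treated as unreachable rather than open."""
    for segment, resources in SEGMENTS.items():
        if resource in resources:
            return segment
    return None


def is_allowed(principal, action, resource):
    """Deny-by-default access decision: allowed only if some role held by
    the principal grants both the resource's segment and the action."""
    segment = segment_of(resource)
    if segment is None:
        return False
    for role in principal.roles:
        segments, actions = ROLE_GRANTS.get(role, (set(), set()))
        if segment in segments and action in actions:
            return True
    return False


def blast_radius(principal):
    """Resources an attacker could read using this account.  Running this
    for every account answers the question the article raises: if this
    identity is compromised before a patch exists, what can it see?"""
    return {
        resource
        for resources in SEGMENTS.values()
        for resource in resources
        if is_allowed(principal, "read", resource)
    }


def unused_grants(role, observed):
    """Grants a role holds but was never seen using.  `observed` is a set of
    (segment, action) pairs taken from access logs; anything granted but
    unobserved is a candidate for removal when tightening privileges."""
    segments, actions = ROLE_GRANTS[role]
    granted = {(segment, action) for segment in segments for action in actions}
    return granted - set(observed)


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"staff"}))
    bob = Principal("bob", frozenset({"developer"}))
    for account in (alice, bob):
        print(account.name, "can read:", sorted(blast_radius(account)))
    # Constructed usage log: developers were only ever seen reading the
    # office LAN and deploying to the app tier.
    seen = {("office-lan", "read"), ("app-tier", "deploy")}
    print("developer grants never exercised:", sorted(unused_grants("developer", seen)))
```

Two design points are worth noting. The policy table has no allow-everything entry, so adding a new segment or resource leaves it unreachable until someone explicitly grants it; that is the property that keeps a compromised low-privilege account away from the data tier even when the way in was a flaw nobody knew about. The `unused_grants` check is the routine side of least privilege: grants that were never exercised in the access logs over a review period are the ones to remove, so the blast radius shrinks over time instead of growing.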
Cybersecurity professionals know that no system is perfect. Zero-day exploits may be unavoidable, but they are not unstoppable. By having a plan in place, communicating clearly with team members, and segmenting network access ahead of time, network security administrators can rise to the challenges that zero-day vulnerabilities pose when they inevitably occur.
About NetworkTigers
NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.