Zero Day Exploits: What You Need to Know
Undoubtedly, you’ve heard the term zero-day thrown around in news stories and blogs describing a cyberattack, but what sets a zero-day exploit apart from the rest of the motley crew of malware that inhabits the dark corners of the internet?
The term zero-day denotes how many days the vendor has had to fix the flaw: zero. Two terms describe a zero-day flaw. The most commonly used is zero-day attack or zero-day exploit, which describes a flaw that is being actively abused, like the WinRAR and Internet Explorer examples below. The other is zero-day vulnerability; these are usually less pressing. Many times, quality-assurance testers have already located them, or, as with the Google Chrome vulnerability from March of this year, a competitor stumbles upon one. These are rarely disclosed publicly until a patch is ready, and once the flaw is found and patched, bad actors can no longer use it as a back door into the software. A zero-day vulnerability is not necessarily being actively exploited, but if it is not patched properly it can be, and in time probably will be.
In the world of software security, zero-day exploits carry more potential for damage than the rest of the malware crowd. Depending on the nature of the exploit, they can steal data, cause software to malfunction, or perform tasks that benefit the hacker such as cryptojacking or enrolling your computer in a botnet. They can even reprogram voltage settings on hardware, causing physical damage. Because the flaw is unknown to the vendor, all of this can happen while your software provider and anti-virus program remain totally unaware, right up until the exploit is discovered.
In March of this year Google, in conjunction with Microsoft, sent out a warning that they had found a new vulnerability in Microsoft's most popular operating system, Windows 7. In the same announcement, Google revealed a similar vulnerability in Chrome, Google's own browser. The Chrome vulnerability had been fixed by the time the release was published; the Windows 7 vulnerability had not. The announcement described exploits that would have left gaping back doors in both pieces of software, allowing a hacker to read and steal sensitive files on the user's computer.
A month earlier, an exploit that allows a hacker to completely take over a victim's computer was found in WinRAR, an extraction and compression program. A file that had not been updated since 2005 was said to have caused the weakness. In this case, hackers had already exploited the weakness over 100 times by the time it was located. The hole wasn't fixed until nearly a week after the initial press release.
In December of 2018, Microsoft released a statement revealing that its defunct Internet Explorer browser had a back door that hackers were actively exploiting. The exploit had been abused for an undisclosed amount of time. Microsoft soon released an emergency patch to fix the flaw, along with a warning advising customers to stop using the browser due to the "perils of using Internet Explorer". Recorded Future has since listed this as the most targeted vulnerability in the world.
Software testers can find zero-days using several different methods. One of the more common is called fuzz testing. Fuzz testing bombards the device or software with random or deliberately malformed data in an attempt to make it crash. When the desired result happens, the tester attempts to reproduce the crash, works out which input caused it, and takes appropriate action. Fuzz testing is considered a brute-force approach and an older method of quality-assurance testing, but one that is still widely used.
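The workflow described above (bombard a program with mutated input, treat unexpected crashes as findings, then reproduce them) can be shown in a few dozen lines. The following is an added illustration written for this article, not code from any of the vendors or tools mentioned. The target is a constructed toy record parser with a hypothetical defect, not a real product or a real vulnerability: it trusts a length byte without checking that enough data follows. A mutation fuzzer starts from one valid seed record, counts only exceptions other than the parser's own `ValueError` rejections as crashes, deduplicates them by exception type and line, and keeps the first input that triggered each so it can be replayed. The hardened parser beside it shows what "taking appropriate action" looks like.

```python
import random
import traceback

# Constructed toy target: a length-prefixed record parser. A deliberate,
# hypothetical defect is left in for demonstration: the declared length byte is
# trusted without checking that enough bytes actually follow it.
def parse_record(data: bytes) -> dict:
    if len(data) < 2:
        raise ValueError("record too short")        # graceful rejection
    version, length = data[0], data[1]
    if version != 1:
        raise ValueError("unsupported version")
    payload = data[2:2 + length]
    checksum = data[2 + length]                     # IndexError if length overruns data
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return {"version": version, "payload": payload}

# Hardened version: validate the declared length against the buffer size before
# indexing, so malformed input is rejected instead of crashing the parser.
def parse_record_fixed(data: bytes) -> dict:
    if len(data) < 2:
        raise ValueError("record too short")
    version, length = data[0], data[1]
    if version != 1:
        raise ValueError("unsupported version")
    if len(data) < 3 + length:
        raise ValueError("truncated payload")
    payload = data[2:2 + length]
    checksum = data[2 + length]
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return {"version": version, "payload": payload}

# A constructed valid seed: version 1, length 3, payload "abc", checksum sum("abc") % 256.
SEED = bytes([1, 3, 97, 98, 99, (97 + 98 + 99) % 256])

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one to four random byte edits (overwrite, insert, delete) to the seed."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randint(0, 2)
        if choice == 0 and data:
            data[rng.randrange(len(data))] = rng.randrange(256)
        elif choice == 1:
            data.insert(rng.randint(0, len(data)), rng.randrange(256))
        elif data:
            del data[rng.randrange(len(data))]
    return bytes(data)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 0) -> dict:
    """Feed mutated inputs to target; return {(exception name, line): first crashing input}."""
    rng = random.Random(rng_seed)       # fixed seed so a run can be repeated exactly
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed, rng)
        try:
            target(sample)
        except ValueError:
            continue                    # the parser rejected bad input on purpose: not a crash
        except Exception as exc:
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            signature = (type(exc).__name__, frame.lineno)
            crashes.setdefault(signature, sample)   # keep the first input per crash site
    return crashes

def reproduces(target, sample: bytes) -> bool:
    """Replay one saved input and report whether it still crashes the target."""
    try:
        target(sample)
    except ValueError:
        return False
    except Exception:
        return True
    return False

if __name__ == "__main__":
    found = fuzz(parse_record, SEED)
    for (name, line), sample in found.items():
        print(f"{name} at line {line}, reproduces={reproduces(parse_record, sample)}: {sample!r}")
    print("crashes in hardened parser:", len(fuzz(parse_record_fixed, SEED)))
```

Run as a script, it reports the crash site in the toy parser along with the saved input that reproduces it, then confirms the hardened parser survives the same campaign. Real fuzzers (AFL, libFuzzer, and the like) follow the same loop but add coverage feedback, so that mutations which reach new code are kept as fresh seeds.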
Vendors can substantially limit the damage a zero-day exploit causes by catching it as soon as possible. However, catching vulnerabilities before hackers exploit them is both costly and time-consuming. The risk is greatest for end-of-life software that still has a large user base, Windows 7 and Internet Explorer for instance: if a zero-day exploit is found after Windows 7 reaches end of life in January 2020, it leaves many users exposed to various types of malware with no patch coming.
If you’re still using Windows 7 and don’t have a migration plan in place, don’t delay on getting started. The cybercriminals aren’t wasting a minute!