What is a Zero Day Exploit and how can you protect yourself from it?

Bastian Späth, CEO/Vorstand EIKONA AG

In a Zero-Day-Exploit-Attack (ZETA), a vulnerability in a system or software is exploited. This usually happens on the same day, before developers have had time to develop a patch that closes the vulnerability.


Cyber criminals systematically exploit such a vulnerability, for example to steal data. Any software or operating system can be affected. Hardware has been affected repeatedly as well, in the form of processor design flaws such as the Meltdown and Spectre vulnerabilities. The more widespread the system with the flaw, the higher the probability that someone will exploit the vulnerability.


Why are they so dangerous?

The problem with Zero-Day-Exploits is that the vulnerability is known before it is officially patched. Patching happens with a delay, simply because larger companies in particular are slow to react and the vulnerability may not have become known to them at all. In addition, the patch must first be developed and then installed. This is what makes Zero-Day-Exploits particularly dangerous: they are usually only noticed because an attacker is already using them. Even if an attacker and a developer learn of a vulnerability at the same time, it is usually easier for a hacker acting alone to react than for the company. In the worst case, the manufacturer is only informed about the exploit after the hacker has already used it. In the meantime, attackers can start their foray and steal content or hijack computers. The internet has exacerbated this problem, especially since such loopholes are traded on the darknet without the manufacturers' knowledge.


The Market for Zero-Day-Exploits

There is a separate market for Zero-Day-Exploits, on which different prices are paid depending on the type of vulnerability and the number of affected systems. Hackers trade Zero-Day-Exploits in their own circles, but also make them available to software manufacturers or government agencies (intelligence services).


Google: A quarter of all Zero-Day-Exploits in 2020 were avoidable

Google's Project Zero team announced in its 2020 Year in Review that a quarter of the Zero-Day-Exploits discovered last year could have been prevented if vendors had issued appropriate patches for the underlying vulnerabilities. In the blog post, the team explained that, of the 24 Zero-Day-Exploits discovered in the wild in 2020, six were related to previously disclosed vulnerabilities.

"Some of these Zero-Day-Exploits only required changing one or two lines of code to get a new working exploit," said Maddie Stone, a security researcher at Project Zero.


How can you protect yourself from this?

Because the vulnerabilities used by Zero-Day-Exploits are unknown, it is difficult to effectively protect potentially compromised systems. However, some precautions can be taken to minimise the risk of zero-day hacks.

For example, data transmission on the network should be protected and encrypted. An installed Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) provide additional protection, as they can react to abnormal communication patterns and independently notify the administrator or take countermeasures. Since any software can be an entry point for zero-day attacks, users should minimise the number of programmes on the system and remove unused software. It is also important to ensure that all programmes and operating systems are up to date.
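The reaction to abnormal communication patterns described above can be illustrated with a minimal baseline check. This is an added example, not part of the original article and not how any particular IDS/IPS product works: it learns which peers each host normally talks to and flags deviations, which needs no signature for the unknown vulnerability. The flow records, host names and the volume threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (source host, destination, port, bytes sent)
BASELINE = [
    ("ws-01", "10.0.0.5", 443, 12_000),
    ("ws-01", "10.0.0.5", 443, 15_000),
    ("ws-01", "10.0.0.9", 53, 300),
    ("ws-02", "10.0.0.5", 443, 9_000),
    ("ws-02", "10.0.0.9", 53, 250),
]
OBSERVED = [
    ("ws-01", "10.0.0.5", 443, 14_000),      # matches the baseline
    ("ws-01", "203.0.113.7", 8443, 2_000),   # peer never seen for ws-01
    ("ws-02", "10.0.0.5", 443, 900_000),     # known peer, unusual volume
    ("ws-03", "10.0.0.9", 53, 280),          # host without any baseline
]

def build_profile(flows):
    """Learn, per source host, its usual peers and the largest transfer seen."""
    profile = defaultdict(lambda: {"peers": set(), "max_bytes": 0})
    for src, dst, port, size in flows:
        entry = profile[src]
        entry["peers"].add((dst, port))
        entry["max_bytes"] = max(entry["max_bytes"], size)
    return dict(profile)

def detect(flows, profile, volume_factor=10):
    """Return (flow, reason) for every flow that deviates from the profile."""
    alerts = []
    for flow in flows:
        src, dst, port, size = flow
        known = profile.get(src)
        if known is None:
            alerts.append((flow, "unknown-host"))
        elif (dst, port) not in known["peers"]:
            alerts.append((flow, "new-peer"))
        elif size > volume_factor * known["max_bytes"]:
            alerts.append((flow, "volume-spike"))
    return alerts

if __name__ == "__main__":
    # An IDS would notify the administrator; an IPS could also block the flow.
    for flow, reason in detect(OBSERVED, build_profile(BASELINE)):
        print(reason, flow)
```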


Bastian Späth
CEO

As a college-educated computer scientist, Bastian Späth understands how IT solutions are developed from the ground up. For more than 15 years, he has spent every workday collecting requirements, finding ideas, developing designs, setting up projects and getting them safely across the finish line.

