Zero-Day Attacks: What You Need to Know

What is a zero-day attack?

Zero-day attacks, also called zero-day exploits, are successful attempts by cybercriminals to find and exploit previously unknown software vulnerabilities. Unfortunately, all software has weak points that can provide backdoors for hackers to insert malware or commit data breaches. Attacks that exploit vulnerabilities that software engineers were previously unaware of are called “zero day” attacks, because developers had zero days to fix the issue before the attack happened.

    Although the definition of a zero-day attack may sound sinister, these sorts of attacks don’t vary much technically from other common malware attacks. Nevertheless, zero-day exploits are especially difficult to detect and defend against, simply because the vulnerability they target is unknown at the time of the attack to the engineers who wrote the code. That’s why hackers seek out and exploit zero-day opportunities.

    What is a software vulnerability?

    Software vulnerabilities are flaws in the design of a particular program, software, or operating system that offer cybercriminals an opportunity to hack into a device or network. As soon as a vulnerability is discovered, developers rush to fix the issue through a software update known as a patch, which closes the window of opportunity. Ideally, developers can apply patches before hackers have discovered the weakness and exploited it.

    There’s almost a constant battle between developers attempting to minimize vulnerabilities and cybercriminals looking to exploit new flaws and weaknesses. While software vulnerabilities cannot be completely avoided, strong antivirus software can detect and defend against threats in real-time, offering powerful protection against any potential exploit, even a zero-day exploit that attempts to jam up your system with malware.

    How do hackers identify vulnerabilities?

    The moment a new program or software update is released, you can be sure that hackers will be working overtime to find weaknesses in its security or design that can be made vulnerable to exploits. With every hour that passes, the likelihood of finding a flaw that hasn’t already been discovered diminishes, along with the time available for hackers to actually launch an exploit before developers release a patch to slam the door shut.

    Cybercriminals actively search out flaws in computer code using software tools — such as automated static analyzers — that can determine if, how, and why a particular piece of code behaves in an unintended way. Not all software flaws can be exploited, but once a hacker identifies one that’s still unknown to the software’s developers, the vulnerability becomes a zero-day threat.

    Figure: Not all software vulnerabilities can be exploited — some may be fairly straightforward to hack, like the window in the middle, while others may be too difficult, like the window on the right.

    Hackers focus on finding exploitable vulnerabilities within popular programs, web browsers, and operating systems in order to target as many users as possible before the underlying problem is patched and fixed. A common technique for exploiting, say, a web browser vulnerability is to use email phishing methods to lure recipients into unwittingly visiting compromised websites. Hackers also use phishing techniques to trick people into downloading malicious documents that exploit zero-day vulnerabilities.

    How are zero-day attacks detected?

    The only surefire way to detect and defend against a zero-day exploit is for developers themselves to discover and fix the software vulnerability before hackers have a chance to exploit it. By definition, once a previously unknown vulnerability has been exploited and a zero-day attack unfolds, it’s already too late. For this reason, developers spend a lot of time and devote a lot of resources to finding and plugging vulnerabilities immediately, thereby cutting off zero-day attacks at the source.

    Even after zero-day attacks have delivered their payloads — usually some form of malware — they often continue to slip below the radar until the symptoms of the infection become apparent. This is particularly true of devices and networks that rely on passive “signature-based” antivirus software that can only find and thwart established (or known) threats. 

    More sophisticated “heuristics-based” antivirus detection software — like that used by AVG AntiVirus FREE — is needed to identify and defend in real-time against the most recent and dangerous zero-day malware by examining files for suspicious characteristics or patterns.

    Once a zero-day attack has been detected, it’s a race against time for security teams and developers to minimize the damage. Cybersecurity teams rush to ensure they know how to remove the malware and update their software to include the new signature. Similarly, software developers scramble to patch their code and prevent further exploits. The sooner all of this is done, the greater the chance that the overall impact of the attack can be managed, because fewer people are left exposed.

    Why are zero-day attacks so dangerous?

    Zero-day attacks are particularly dangerous security breaches precisely because they are unknown quantities. In response to an attack, a software developer can create a patch, but this does nothing to help those who’ve already been affected. And since zero-day attacks usually target software soon after its release, it can be quite a while until a new patch is made available to fix the vulnerability, leaving end users dangerously exposed.

    To make matters worse, many traditional antivirus systems use threat-detection tools that rely on matching telltale signatures to known cyberattacks. Because zero-day attacks use previously unknown vulnerabilities (and possibly unencountered malware), not only can they remain undetected for long periods of time, but they’re also much more difficult to defend against.

    This is another reason why maintaining updated antivirus software is so vital. The kind of advanced heuristic scanning employed by the best antivirus programs can identify and protect against previously unknown threats as they emerge, offering a powerful defense against even zero-day attacks.
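The difference between signature-based and heuristics-based detection described above can be shown in a few lines. This is an added example, not AVG's detection engine or code from the original article; the file names, the two traits, their weights and the threshold are all assumptions chosen for illustration, and the sample "files" are constructed, harmless byte strings.

```python
import hashlib
import math
from collections import Counter

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def signature_scan(data: bytes, known_hashes: set) -> bool:
    """Signature-based: flags only byte-for-byte copies of known samples."""
    return sha256(data) in known_hashes

def heuristic_scan(name: str, data: bytes, threshold: int = 3):
    """Heuristic: score suspicious traits; needs no prior copy of the file."""
    score, reasons = 0, []
    # Trait 1 (assumed weight 2): Windows executable header in a "document".
    if data[:2] == b"MZ" and name.lower().endswith((".pdf", ".docx", ".txt")):
        score += 2
        reasons.append("executable header behind a document extension")
    # Trait 2 (assumed weight 2): near-random bytes, typical of packed content.
    if entropy(data) > 7.0:
        score += 2
        reasons.append("high entropy (packed or encrypted content)")
    return score >= threshold, reasons

# Constructed, harmless byte strings standing in for files.
PACKED = bytes(range(256)) * 4
KNOWN_SAMPLE = b"MZ" + PACKED
NEW_VARIANT = KNOWN_SAMPLE + b"\x00"   # one byte appended: different hash
ARCHIVE = PACKED                       # high entropy alone, no header mismatch
NOTE = b"Quarterly report draft. " * 40
KNOWN_HASHES = {sha256(KNOWN_SAMPLE)}  # the "signature database"

def compare():
    """Return {file name: (signature verdict, heuristic verdict)}."""
    files = {"invoice.pdf": KNOWN_SAMPLE, "invoice2.pdf": NEW_VARIANT,
             "backup.zip": ARCHIVE, "notes.txt": NOTE}
    return {name: (signature_scan(data, KNOWN_HASHES),
                   heuristic_scan(name, data)[0])
            for name, data in files.items()}

if __name__ == "__main__":
    for name, (sig, heur) in compare().items():
        print(f"{name:14} signature={sig!s:5} heuristic={heur}")
```

The appended byte is enough to make the variant invisible to the hash lookup, while the trait score still flags it; the high-entropy archive stays below the threshold because a single trait on its own is not treated as conclusive.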

    With cutting-edge and constantly updated threat detection, AVG AntiVirus FREE offers advanced security across the full range of potential zero-day attack vectors.

    Are zero-day attacks common?

    Unsurprisingly, given the difficulties of detecting and defending against them, zero-day exploits have grown to become one of the most popular methods employed by hackers. In fact, some of the most serious global cybersecurity breaches have been zero-day attacks, and recent studies estimate that around 30 percent of all malware attacks target zero-day vulnerabilities.

    Since just a small minority of exploitable vulnerabilities are discovered, this clearly still represents a major potential growth sector for cybercrime. A look at some of the most recent zero-day attacks shows that this type of threat is unlikely to disappear anytime soon.

    The most notorious zero-day attacks

    Arguably the most infamous zero-day attack was that which rocked Sony Pictures in 2014. The exact vulnerability that allowed hackers to penetrate and exploit the corporation’s security is still shrouded in secrecy. But the hacker group gained almost complete access to Sony’s network — and they remained undetected for several months, before eventually leaking a trove of confidential data including employees’ personal information, internal emails, financial data, and unreleased film scripts.

    To cap it all off, the group then used malware to wipe the company’s hard drives and cripple their network infrastructure. The Sony hack is a sobering example of what a zero-day attack can do and why they’re so dangerous — even when used against supposedly secure networks, zero-day exploits can remain undetected long after the attack is launched.

    Most zero-day attacks attract far less attention, but they can be just as devastating. The recent CVE-2019-0797 exploit that compromised Microsoft’s ubiquitous Windows operating system in 2019 typifies the constant game of cat-and-mouse played by cybercriminals and developers.

    The Microsoft vulnerability was swiftly discovered by cybersecurity professionals, but not before hackers used it to gain complete control over personal computers all around the world. Within weeks, Microsoft released a patch, but the vulnerability remained a glaring risk for users who didn’t promptly update their software. 

    Meanwhile, as soon as the patch was released, hackers turned their attention to finding holes in the new software, too, resulting in another zero-day attack on Windows just months later.

    How to protect against zero-day attacks

    Despite the obvious danger posed by zero-day attacks, there are, thankfully, a number of steps that you can take to minimize the threat.

    The easiest and simplest defense against zero-day attacks is to keep your programs, operating systems, and drivers fully updated. Zero-day patches are the most effective way of neutralizing threats caused by vulnerabilities, but they’re only effective if you actually use the latest version of the software. Every minute you wait before updating puts you needlessly at risk from vulnerabilities that developers have already identified and fixed.

    But no matter how often you update your software to protect against known threats, new and unknown threats will always emerge. And it’s impossible to completely prevent zero-day attacks from happening. Instead, when a cyberattack occurs, you should focus on staying as secure as possible. That’s why using a comprehensive cybersecurity tool is so important — it gives you the best chance of detecting and removing a threat before it compromises your security.

    AVG AntiVirus FREE not only updates itself automatically as new threats are identified, but also uses cutting-edge heuristic detection methods to block and remove even unknown viruses. With AVG AntiVirus FREE you’ll browse comfortably and confidently, knowing your devices are always fully protected against even the very latest threats.
