What is a Zero-Day Attack?
A zero-day attack is a cyberattack that exploits a vulnerability which is unknown to the vendor or not yet fixed. Originally, hackers would try to get into a developer’s computer to find vulnerabilities before the software was released. In this sense, the term “zero-day” referred to the number of days until the software was released. Over time, the term evolved to refer to the number of days a developer has had to fix the vulnerability.
When a zero-day vulnerability is discovered, software and hardware vendors need to patch their products to address it before it is exploited. Even after a patch is released, the vulnerability remains open to exploitation until users install the update. Some common zero-day attack vectors include malicious websites that exploit web browsers that haven’t been updated and malicious email attachments that target email clients.
Zero-day vulnerabilities are dreaded in the industry because computer security professionals are not aware of them, and they may exist for some time before they get discovered. Once found, users must patch their software to protect themselves.
Examples of High Profile Zero-Day Attacks
2006 – The Stuxnet Attack
One of the earliest and most famous zero-day attacks was against Iranian nuclear facilities. The attack was supposedly orchestrated by the US National Security Agency (NSA) and was unique in that it sped up centrifuges to damage nuclear hardware.
2013 – The Yahoo Attack
The personal identifying information (PII) of more than 3 billion Yahoo accounts was stolen in 2013, but the breach wasn’t revealed until 2016. Verizon was acquiring Yahoo News as news of the zero-day attack broke, and this negatively affected the purchase price.
2014 – The Sony Entertainment Attack
In 2014, hackers broke into Sony Entertainment’s network, accessing business communications, business plans, and unreleased movies. At the time, this was a historic, high-profile corporate attack.
2016 – The Democratic National Committee (DNC) Attack
One of the most widely reported and politically impactful attacks occurred in 2016 when hackers gained access to over 19k emails and 8k attachments from the DNC. The DNC servers had up to six vulnerabilities that were prone to exploitation. There has been speculation that a foreign government actor may have orchestrated this attack to influence American elections.
2017 – The MS Word Attack
A trojan horse named Dridex delivered via MS Word email attachments wreaked havoc in 2017 after millions of users fell prey to the attack.
2018 – The Marriott International Attack
As early as 2014, hackers compromised Marriott’s Starwood reservation database and gained access to personal identifying information (PII), credit card numbers, and preferences. The NY Times reported that a Chinese intelligence group was behind the attack.
2019 – The Alibaba Attack
Hackers accessed customer data from more than 1.1 billion Alibaba accounts via its Taobao website. The hackers had been crawling this data for more than eight months before the vulnerability was discovered.
2019 – The Facebook Attack
Hackers breached more than 540 million Facebook user accounts and stole personal identifying information (PII), comments, likes, and more by exploiting Amazon S3 buckets.
2021 – The LinkedIn Attack
More than 90% of LinkedIn’s users — some 700 million — had their personal information stolen and posted to the dark web by hackers who exploited LinkedIn’s API. Research in the UK shows that cybercriminals can use this stolen data in sophisticated social engineering attacks.
Risks of Zero-Day Attacks
Risks for Consumers
The sheer breadth of these famous attacks shows us that most people who are active on social media — or who aren’t vigilant about phishing — have likely had their personal information and passwords compromised. Centralized databases of user information are ripe targets for hackers, and the proliferation of cloud-based SaaS products has created an ever-expanding ecosystem of targets.
Early attempts to help individuals resecure their online activity came from consumer-focused password management vendors like LastPass. A growing number of services can scan leaked passwords and notify the user to change their login credentials. These scans have expanded to SaaS products themselves, which may recommend you change a password if it has been part of a breach.
Risks for consumers aren’t limited to stolen passwords or credit card numbers. Stolen demographic and social media interactions may also be used to create social engineering and phishing attacks. There is speculation that bad actors are leveraging individuals’ metadata to create finely targeted social media-driven propaganda or disinformation campaigns to influence political views or behavior.
Risks for Businesses
For businesses, zero-day attacks are extremely destabilizing. First and foremost, they hurt your brand and deteriorate trust within your customer base. Trust is difficult to rebuild, and its loss may have a cascading financial impact.
Loss of trust is not limited to your customers; it extends to your partners too. Yahoo News had to sell to Verizon at a lower price — a prime example of how zero-day attacks impact existing business plans. The financial impact will likely go well beyond the loss of trust, resulting in direct costs in IT spending and potential legal issues.
These are just the known risks. An attack like Stuxnet is unique as it demonstrated that a cyberattack has the potential to destroy physical hardware. That level of sophistication and innovation is uncommon but shows how future cyberattacks can evolve in unexpected ways.
The Challenge of Reducing the Risk of a Zero-Day Attack
Unfortunately, by their very definition, there is no way to truly prevent zero-day attacks because they exploit an unknown vulnerability. Zero-day attacks are effective against secure networks and can go undetected for some time. They leverage numerous attack vectors and tend to be innovative. The best defense is to have the most robust security solutions in place so you can respond quickly and mitigate potential damage.
Taking a Zero Trust Approach
Today’s blended workforce and cloud ecosystem require a modern approach to governing and managing identities in the cloud. The best way an organization can protect its customers, and itself, in the event of a zero-day attack is to implement a Zero Trust model that continuously re-evaluates the risk and trust level of every digital interaction. In practice, the Zero Trust approach means that your systems are set up to trust no one by default, have separation of duties in place, and enforce least privilege so that users have access only to the sensitive data they need, and only for the shortest time necessary.
Refactoring your security architecture to support modern cloud-based technologies requires a modern identity solution that integrates with existing security and compliance tools. This way, a Zero Trust Identity Architecture can continue to enforce existing use cases while enabling the creation of new ones. Achieving this requires architecture built upon interoperable solutions that can readily exchange information. This will also enable your organization to make use of visibility, risk, and threat intelligence to drive automated decision-making.
In the wake of several high-profile cyberattacks and security breaches involving federal agencies, the National Institute of Standards and Technology (NIST) created an abstract definition of a Zero Trust Architecture along with several deployment models. Elaborated in NIST SP 800-207, Zero Trust Architecture, this model provides a roadmap for enterprise security architects looking to implement Zero Trust-based approaches to information security.
Building a Zero Trust architecture isn’t a simple, one-step process. It instead requires implementing new solutions that can gather intelligence across your IT ecosystem and inform the SASE, access management, and security tools that enforce policies. Designing such an architecture means thinking differently about interconnectivity and the value of an open, standards-based approach. It means thinking smarter in your entire approach to identity and security across your organization.
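As an added illustration of the three Zero Trust controls described in this section (per-interaction re-evaluation, separation of duties, and time-bounded least privilege), here is a small policy decision function in Python. It is example code written for this page, not Saviynt’s code or NIST’s reference design; the role catalogue, the MFA and device signals, and the clock are constructed for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock for the demo
ONE_HOUR = timedelta(hours=1)

@dataclass
class Grant:
    role: str
    expires_at: datetime      # every entitlement is time-bounded, never permanent

@dataclass
class Subject:
    user: str
    grants: list
    mfa_verified: bool        # signals re-checked on every request, not at login only
    device_compliant: bool

# Hypothetical role catalogue: the single role each (resource, action) requires.
REQUIRED_ROLE = {
    ("payments", "create"): "payments.create",
    ("payments", "approve"): "payments.approve",
    ("reports", "read"): "reports.read",
}
# Separation of duties: one identity must never hold both roles of a pair.
SOD_CONFLICTS = [frozenset({"payments.create", "payments.approve"})]

def active_roles(subject: Subject, now: datetime) -> set:
    """Only grants that have not expired count (least privilege in time)."""
    return {g.role for g in subject.grants if g.expires_at > now}

def sod_violation(roles: set) -> bool:
    return any(pair <= roles for pair in SOD_CONFLICTS)

def decide(subject: Subject, resource: str, action: str, now: datetime) -> tuple:
    """Policy decision for one interaction; nothing is trusted from earlier calls."""
    if not subject.mfa_verified:
        return False, "mfa not verified"
    if not subject.device_compliant:
        return False, "device not compliant"
    roles = active_roles(subject, now)
    if sod_violation(roles):
        return False, "separation-of-duties conflict"
    needed = REQUIRED_ROLE.get((resource, action))
    if needed is None or needed not in roles:
        return False, "no active entitlement"
    return True, "allowed"

if __name__ == "__main__":
    alice = Subject("alice", [Grant("payments.create", NOW + ONE_HOUR)], True, True)
    print(decide(alice, "payments", "create", NOW))
```

Because the decision is recomputed per request, an expired grant, a lapsed MFA session, or a newly conflicting role is denied immediately rather than persisting until the next login.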
Saviynt’s Identity Cloud
Saviynt’s Identity Cloud is built in the cloud, for the cloud, with Zero Trust in mind. It’s the only FedRAMP-authorized SaaS solution for Identity Governance and Administration (IGA) and Cloud Privileged Access Management (CPAM). Saviynt Identity Cloud is a modular, converged cloud platform developed on a single code base, without bolted-on solutions from third-party acquisitions complicating the implementation process. Each solution can operate independently — allowing customers to select the product that suits them — and can integrate Identity Cloud with existing solutions.