A zero-day exploit is an attack that takes advantage of a mostly unknown security vulnerability.
After reading this article you will be able to:
Copy article link
A zero-day exploit (also called a zero-day threat) is an attack that takes advantage of a security vulnerability that does not have a fix in place. It is referred to as a "zero-day" threat because once the flaw is eventually discovered, the developer or organization has "zero days" to then come up with a solution.
A vulnerability is an unintended software or hardware flaw stemming from a programming error or an improper configuration. Because vulnerabilities are unintentional, they are hard to detect, and can go unnoticed for days, months, or sometimes even years.
When attackers identify a previously unknown vulnerability, they write code to target that specific vulnerability and package it into malware. The code, when executed, can compromise a system.
There are various ways for an attacker to exploit zero-day vulnerabilities. One common tactic is to distribute malware through phishing emails that contain attachments or links that have the exploits embedded into them. These malicious payloads are executed when a user interacts with the attachment or link.
A famous zero-day attack involved Sony Pictures Entertainment in 2014, when sensitive information such as copies of unreleased movies, email communications between top employees, and business plans were released to the public. The attackers used a zero-day exploit to obtain this information.
Zero-day exploits can adversely affect a business in a number of ways. In addition to losing valuable or confidential data, customers might lose trust in the business, and the business might have to divert valuable engineering resources to patch the flaw.
By definition, zero-day threats are difficult to detect. Several strategies have been developed to help make detection easier:
While no single approach can completely prevent vulnerabilities from appearing in code, several tactics and tools can minimize their risk. Two of the most important technologies for stopping vulnerability exploits are browser isolation and firewalls.
Browsing activity such as opening an email attachment or filling out a form requires interaction with code from untrusted sources, allowing for attackers to exploit vulnerabilities. Browser isolation keeps browsing activity separate from end user devices and corporate networks, so that potentially malicious code does not run on the user's device. Browser isolation can be done in three ways:
A firewall is a security system that monitors incoming and outgoing traffic based on preset security policies. Firewalls sit between trusted and untrusted networks (most often the Internet) to protect against threats, block malicious content from reaching a trusted network, and prevent sensitive information from leaving the network. They can be built into hardware, software, or a combination of both. By monitoring traffic, a firewall can block traffic that may target a security vulnerability, leading to a zero-day exploit.
Remote browser isolation: Cloudflare's remote browser isolation solution conducts a user's browsing activity on a supervised cloud environment via sandboxing. Since browsing activity is isolated from users' end devices, those devices are protected from vulnerabilities like zero-day threats.
Web application firewall (WAF): The Cloudflare WAF helps protect web applications against malicious HTTP traffic. Since zero-day threats are hard to detect and the security landscape is constantly changing, a Managed Ruleset helps protect against these vulnerabilities. Cloudflare regularly updates Managed Rulesets to provide ongoing protection.