If you’re looking for a cybersecurity term that sounds intimidating and impressive to those who aren’t familiar with the field, you’d be hard pressed to find a better phrase than “zero-day threat.” It’s catchy, it hints at clandestine activity, and it’s taken advantage of vulnerabilities found with the systems of a large health organization and one of the biggest technology companies in the world. But what does it mean actually?
What it is
In truth, the term “zero-day threat” is an umbrella term used to describe a cyberattack that takes advantage of a previously unknown bug or vulnerability that has not been fixed, or “patched,” in a program. The “zero-day” part of a zero-day exploit is simply a measurement tool, much like a calendar. It describes the amount of days between when the vulnerability is discovered and when a fix for that vulnerability is made available. For example, let’s say I have discovered a previously unknown bug in a program and report it to the program’s developers. That bug is considered a zero-day vulnerability because the developers have had zero days to work on a fix. If the developers fail to fix or mitigate the bug the next day, it becomes a “one-day” exploit. This measurement continues until a patch is issued.
Why it’s important
We’ve covered what “zero-day threat” means, but why are these vulnerabilities such a big deal? Well, zero-day vulnerabilities, like most bugs, are fairly harmless on their own. But when they’re used in conjunction with other exploits — known malware variants for example and, in extreme cases, other zero-day exploits — they become incredibly powerful tools.
For example, let’s say a cybercriminal wants to install a Remote Access Trojan (RAT)— a tool used to spy on a victim’s activities and manipulate an infected computer — onto a targeted computer, but simply cannot get access to the target’s computer. If the cybercriminal was resourceful enough, they could theoretically use a zero-day vulnerability (which, in this scenario, would become a zero-day exploit since it’s being actively used to exploit a system) as a means of getting onto the target’s system. Once they’ve gained that foothold they can begin to spy, steal and sabotage a target’s network or system.
Zero-day threats are incredibly valuable simply because they offer cybercriminals a better opportunity to compromise a victim’s device. In fact, these threats can fetch a lot of money. A zero-day vulnerability for iOS (Apple’s operating system), for example, can be worth as much as a half a million dollars, according to WIRED, and can likely bring in even more on the black market. Zero-day vulnerabilities are such a big concern that tech companies often offer cybersecurity researchers bug bounties for identifying and documenting these bugs.
What you can do
So, what can you do to stay secure in a world filled with zero-day threats? Well there are actually a few steps you can take to reduce the risk of falling victim to one of these exploits. Let’s take a look:
- Update your programs and operating systems. The most security-friendly thing you can do — aside from using unique and complex passwords — is to simply update your software, computer and devices as soon as updates are made available. This is because updates often contain fixes that eliminate zero-day vulnerabilities and enhance your security posture. So, update your software when you can.
- Reduce the number of applications you use. Another way to reduce your exposure to zero-day exploits is to reduce the number of programs you use. It’s just simple math: the fewer opportunities there are for zero-day vulnerabilities to exist on your device, the less likely you’ll fall victim to a zero-day exploit.
- Use comprehensive security. No device should be without a comprehensive security solution. These programs, like McAfee LiveSafe™ can help monitor your devices for known malware variants. Additional security programs, like McAfee SiteAdvisor can also help reduce the likelihood you’ll come across dangerous websites — making it less likely that you’ll face a zero-day exploit while online.