Newly found vulnerabilities with no patch available, known as zero day vulnerabilities, only lead to harm when attackers use zero day exploits to leverage them. But what is a zero day exploit?
Like any other vulnerability, a zero day grants an unauthorized actor access to sensitive information or systems because of an inherent flaw in defenses. Unauthorized access typically results from insufficient security measures and from bad actors taking advantage of a flaw that leaves an entire system vulnerable to exploitation.
These exploitations often result in data breaches, where data is compromised, stolen, and exfiltrated from a system without the knowledge or authorization of its owner. The most famous recent cases of data breaches include the Log4j vulnerability first discovered in late 2021, and the Okta breach from March 2022.
The list, of course, goes on and on, from the Google Chrome breach of early 2021 and the Zoom vulnerability of 2020 to the many exploits of Windows software and systems over the past decade. It’s no coincidence that most readers have heard of these companies before; attackers typically use zero day exploits against large companies where the most damage (and the most reward) can be found.
While every zero day exploit is unique, they all involve an opening being discovered and then forced open, typically for nefarious purposes.
The term zero day (sometimes written 0day) means that the affected company has practically no time (zero days) to fix the vulnerability between its discovery and the moment attackers start exploiting it. In short, it means a problem that has not yet been fixed.
The term is also used to refer to zero day attacks, which put companies on alert that they need to mitigate a recently found problem. While zero day vulnerabilities are usually patched as soon as the vendor can fix them, people often postpone updating for days, weeks, or even years. As a result, zero day exploits continue to be profitable for cybercriminals.
In the context of third party risk management (TPRM), zero days can not only affect organizations directly, but also through one of their third party vendors. This is why they are sometimes called mid-cycle events, meaning they can happen anytime during a relationship or contract with a vendor.
As mentioned above, a zero day exploit may simply refer to the code used to exploit a vulnerable piece of code, or a weak point in any system. However, a zero day attack is the entire procedure of using a zero day exploit to gain access to the system, exploit the vulnerability, and either perform or make possible the exposure of sensitive data.
To further understand the difference, Norton clearly lays out a distinction between three terms: a zero day vulnerability (or zero day threat) is a flaw in security software that’s unknown to someone interested in mitigating the flaw, like a developer; a zero day exploit is a practical tool that attackers devise to leverage a zero day vulnerability for malicious reasons; and a zero day attack is when attackers leverage a zero day exploit to commit a cyberattack.
This is an important distinction because zero day vulnerability detection can be a normal part of due diligence in any security system. However, even if a patch is rolled out, unless it is adopted uniformly across an organization and its third party supply chain, vulnerabilities will persist and exploits can become attacks. The Equifax breach of 2017 was widely discussed as an unfortunate example of this.
ThirdPartyTrust has written extensively about zero day events in the past. Our zero day solutions page is a living repository of free news, educational resources, and remediation tips for any organization concerned about the next zero day attack.
The biggest takeaway for any organization with this type of concern is understanding where vulnerabilities (and exploits) are most likely to occur. While cybercriminals often target the big companies hit by attacks in major headlines, it’s often the much smaller third party vendors within their supply chains that present the biggest opportunity for bad actors to exploit a network.
Using TPRM tools (third party risk management software, sometimes simply called vendor management) to assess and monitor your organization’s third party vendors is the single best way to ensure that your supply chain is as secure as possible from top to bottom.
As part of your due diligence, continuous monitoring, and ongoing reassessment processes, you need to make sure that your vendors are enforcing standards that keep your business safe. Should a zero day vulnerability appear, you can ask your vendors if they’re vulnerable and how they are planning to respond, or request additional assurances, all through a standardized third party risk management process.
Want to know more? Let us show you how ThirdPartyTrust can help you plan your zero day response in the hopes that in doing so you’ll never actually be vulnerable to a zero day to begin with. It’s not too late to start; we can walk your company through your best defenses today with no obligation.
Unpredictable vulnerabilities will be an ongoing concern for security teams in the foreseeable future.
In this guide you will learn the fundamentals of zero days, patterns from our statistical analysis, and tips to reduce risk and remediate zero days if/when they happen.