What exactly is a 0-day flaw?


Alexander Boero

May 04, 2022 at 3:45 p.m.


The generic term “0-day” or “zero-day” flaw covers the most recent vulnerabilities detected and potentially exploited by hackers.

The unknown is often scary, and this feeling is even more striking when it comes to cybersecurity. So-called “0-day” attacks are particularly feared by manufacturers and suppliers, since they rely on security vulnerabilities detected and exploited by cybercriminals before developers even notice them.

The dangers of 0-day

More precisely, the term zero-day refers to the day on which a developer or supplier becomes aware of a vulnerability, which is often the day of a cyberattack. At that point they have, by definition, zero days to correct the flaw and deploy a patch if they want to prevent it from causing further damage. But the zero-day concept actually has several phases, as Kaspersky aptly describes.

A 0-day vulnerability is a software flaw detected by hackers before the vendor or developer knows of it, which makes attacks more likely to succeed. The 0-day exploit, on the other hand, is the method cybercriminals use to attack systems affected by a vulnerability that has not previously been identified. Finally, the 0-day attack itself uses a 0-day exploit to compromise a system affected by a vulnerability, or to steal its data.

The danger of zero-day is that, beyond the identification of the vulnerability, two other steps take time and therefore favor hackers: producing the patch (which can take days or even weeks after the flaw is first exploited, as Avast points out) and deployment by users themselves, which is often left to their discretion and not necessarily automated.

Vulnerabilities on the rise, which hackers often put up for sale on the Dark Web

To identify a zero-day vulnerability, hackers inject massive amounts of data, at different intervals, then observe the reaction of the program they are targeting. Most of the time this process results in a software crash, but unexpected behavior may also occur, i.e. execution of malicious code. We then speak of an “exploit”. Taking past vulnerabilities and trying to adapt them to other programs or situations is also a common method among attackers. The hacker, who does not forget the business dimension of the activity, may then resell the information on the Dark Web, where vulnerabilities can be sold at high prices.
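The data-injection process described above is known as fuzzing, and developers run it against their own code to find such flaws before release. The sketch below is an added example, not from the original article; the toy record parser, its planted defect and all names are constructed for illustration.

```python
import random
SEED = b"\x05hello"  # constructed valid record: 1-byte length prefix, then payload

def parse_record(data: bytes) -> bytes:
    """Toy parser with a planted defect: it trusts the length prefix."""
    if not data:
        raise ValueError("empty input")
    length = data[0]
    # IndexError when the input is shorter than the prefix claims
    return bytes(data[1 + i] for i in range(length))

def parse_record_checked(data: bytes) -> bytes:
    """Same parser, with the length prefix validated against the input size."""
    if not data:
        raise ValueError("empty input")
    length = data[0]
    if len(data) - 1 < length:
        raise ValueError("length prefix exceeds input size")
    return data[1:1 + length]

def mutate(sample: bytes, rng: random.Random) -> bytes:
    """Apply one to three random byte overwrites, insertions or deletions."""
    buf = bytearray(sample)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif buf:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, rounds: int = 2000, rng_seed: int = 1) -> dict:
    """Return one triggering input per kind of unhandled exception."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(rounds):
        sample = mutate(SEED, rng)
        try:
            target(sample)
        except ValueError:
            continue  # clean rejection: the parser noticed the bad input
        except Exception as exc:  # unexpected behaviour worth triaging
            findings.setdefault(type(exc).__name__, sample)
    return findings

if __name__ == "__main__":
    print("unchecked:", fuzz(parse_record), "checked:", fuzz(parse_record_checked))
```

The unchecked parser fails with an unhandled `IndexError` on inputs whose length prefix overstates the payload, while the checked parser rejects the same inputs cleanly.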

ESET, for its part, explains that the exploitation of vulnerabilities has reached record levels. This is due in particular to the state support that cybercriminals sometimes enjoy, which they use to increase their activity.

In 2021, Mandiant, for its part, identified no fewer than 80 exploited zero-day vulnerabilities, more than double the previous record (32), which dated from 2019. Three-quarters of these flaws come from Microsoft, Apple and Google products. And even if this rising figure is partly explained by an improvement in detections (which is a good thing in itself), it is also explained by a greater circulation of connected objects and an increasingly busy Cloud, which increase the volume and complexity of Internet-connected software and systems.


Sources: Kaspersky, Avast, Mandiant, ESET


