What Is A Zero-Day Vulnerability?

As attempted cyberattacks increase, software and anti-virus companies are on the lookout for cybercriminals able to create new threats. Here we explain more about these threats, known as Zero-Day vulnerabilities, which are growing in frequency.

What is a Zero-Day vulnerability?

A Zero-Day vulnerability is an unknown virus or piece of malware. Typically, it will have been engineered to allow hackers and cybercriminals to exploit previously unknown security gaps within software or applications.

As both the risk and the Zero-Day malware are typically new or unknown, it can be easy for such vulnerabilities to slip past anti-virus and email filtering software undetected. And depending on the weakness that’s being exploited, the Zero-Day vulnerability may be able to avoid traditional detection methods altogether.

Typically, as soon as a security gap is uncovered, software developers will work to patch it. This can often be done quickly, but it can be problematic if the software is no longer supported.

Examples of Zero-Day Vulnerabilities

Zero-Day vulnerabilities are found all the time. Zoom even found one for users running Windows 7 (which introduced problems as the OS was unsupported).

Perhaps the most famous Zero-Day vulnerability was Stuxnet – a malicious worm that was used to disrupt machinery operations in Iran’s nuclear enrichment programme. It was believed to be international sabotage and the first major example of the weaponisation of malware.

How to protect against Zero-Day vulnerabilities?

While Zero-Day malware can be complex, in nearly all cases it enters systems in exactly the same way as other viruses and malware – emails and link downloads.

Users therefore need to be extra vigilant – particularly with regard to emails from unknown senders with attachments or links of any kind.

Before opening any attachment or clicking on a link, please ensure that you are 100% confident that it is genuine and was something you were expecting to receive.

Although .zip attachments and the like are more prominent carriers of the virus, standard office files and seemingly genuine website links are also used.
