Organisations tend to become paranoid at the term “Zero-Day”. When managing vulnerabilities and dealing with cybersecurity threats, the zero-day attack steals the spotlight, but it is actually the known vulnerability, the “N-day”, that poses a much larger problem for many organisations, particularly those in the “Critical Information Infrastructure” sectors.
What are Zero-Day Attacks?
When a bad actor is able to develop and deploy malware that exploits an unknown security flaw or bug in software, firmware or hardware, one that the OEM/vendor does not know about or has no official patch or update for (a zero-day vulnerability), that malware becomes a zero-day attack. By exploiting the vulnerability, the bad actors gain unauthorized access to sensitive data and/or critical systems, or cause malicious actions on the system.
What are Zero-Day Vulnerabilities?
Zero-Day Vulnerabilities are unknown security flaws or bugs in software, firmware or hardware which the vendor does not know about, or does not have an official patch or update to address. Often vendors and users are not aware of the existence of a vulnerability until it is reported by a researcher or discovered as a result of an attack.
What is a Zero-Day Exploit?
A Zero-Day exploit is the technique which bad actors use to attack systems that have the vulnerability; it consists of the process, the code and its execution. Researchers use exploits to demonstrate the impact of the flaw: gaining unauthorized access or compromising the underlying system. A zero-day vulnerability in a system can thus be exploited using the technique or code of an ‘Exploit’.
Exploits are categorised by the vulnerabilities they use. A Zero-Day exploit abuses a zero-day vulnerability, a vulnerability that was neither known nor patched when first used. Hence a zero-day stays a zero-day until it is disclosed and its patch/fix is applied to the affected system. Once a patch is written and applied, the exploit is no longer called a zero-day exploit. These attacks are rarely discovered right away; in fact, it often takes not just days but months and sometimes years before a developer learns of the vulnerability that led to an attack.
The Importance of Vulnerability Management/Assessment in an Organisation
Organisations that are concerned about the evolving threat, that assume every system has weaknesses, or that accept that any piece of code or process within the organisation can be subjected to exploitation, will maintain a pragmatic, round-the-clock vigil on such vulnerabilities and weaknesses. This process includes the identification of risks and vulnerabilities that could be exploited. Organisations also adopt methodologies that include multiple iterations of vulnerability analysis to identify and remove false positives, so that the assessment brings the most value to the organisation.
When a vulnerability is discovered, a patch or a mitigation is usually released by the software provider. However, not all systems are updated immediately. It might take weeks to update systems across the organisation, with some mission-critical systems taking even longer. Hence, if the organisation is not yet aware of a weakness that may already have been exploited in a different organisation, it still remains a Zero-Day to the present organisation. If the organisation is aware of an exploit used in a Zero-Day attack but has not yet procured and applied the patch, the weakness is no longer called a “Zero-Day” vulnerability but an “Unpatched Known” vulnerability.
Organisations, especially National Critical Infrastructure organisations, need to have a Vulnerability Management Office and a Vulnerability Management/Assessment Strategy in place, especially to cater for Zero-Day attacks. Such attacks emphasize the need for vulnerability management. With hundreds of vulnerabilities published monthly, companies need to maintain an asset register and perform vulnerability assessments frequently. It is also good practice to warn system administrators about newly discovered vulnerabilities that affect the systems they manage.
N-Day and N-Day Exploits
The very fact that a zero-day vulnerability is not fixed, or that the zero-day has been missed through ignorance, allows attackers to take advantage of the situation. This gives attackers a decent period of time to construct an exploit and deploy it. Such exploits are called N-Day exploits, leveraging already-known n-day vulnerabilities. Terms like zero-day and n-day are commonly used in cybersecurity, and understanding them is crucial for both vulnerability management and risk assessment.
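As an added example (not code from this article), the following Python script operationalises the distinctions drawn in the vulnerability management and N-Day sections above: it matches a constructed asset register against a constructed advisory feed, labels each hit as a zero-day (disclosed but no vendor fix yet) or an unpatched known / N-day (fix available but not applied), computes how many days each affected asset has been exposed since disclosure, and groups the results per administrator so they can be warned about the systems they manage. All hosts, products, advisory identifiers, versions and dates are constructed placeholders, and the "affected versions" matching is deliberately an exact-version lookup to keep the example short.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Asset:
    """One entry of the asset register (constructed sample data)."""
    host: str
    product: str
    version: str
    admin: str            # who to warn when this asset is affected
    critical: bool = False


@dataclass(frozen=True)
class Advisory:
    """One published vulnerability advisory (constructed sample data)."""
    advisory_id: str                 # placeholder id, not a real identifier
    product: str
    affected_versions: FrozenSet[str]
    fixed_version: Optional[str]     # None means the vendor has released no fix
    disclosed: date


@dataclass(frozen=True)
class Finding:
    host: str
    advisory_id: str
    admin: str
    critical: bool
    status: str          # ZERO_DAY or N_DAY, per the article's definitions
    exposure_days: int   # days since public disclosure


ZERO_DAY = "zero-day (disclosed, no vendor fix yet)"
N_DAY = "n-day (fix available but not applied)"


def classify(asset: Asset, advisory: Advisory, today: date) -> Optional[Finding]:
    """Return a Finding if the asset runs a version the advisory lists as affected."""
    if asset.product != advisory.product:
        return None
    if asset.version not in advisory.affected_versions:
        return None   # already on a fixed version, or never affected
    status = ZERO_DAY if advisory.fixed_version is None else N_DAY
    return Finding(asset.host, advisory.advisory_id, asset.admin, asset.critical,
                   status, (today - advisory.disclosed).days)


def triage(assets: List[Asset], advisories: List[Advisory], today: date) -> List[Finding]:
    """Cross-reference the register with the feed; critical assets first, then longest exposed."""
    findings: List[Finding] = []
    for asset in assets:
        for advisory in advisories:
            finding = classify(asset, advisory, today)
            if finding is not None:
                findings.append(finding)
    findings.sort(key=lambda f: (not f.critical, -f.exposure_days))
    return findings


def notifications(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group findings per administrator so each is warned only about their own systems."""
    out: Dict[str, List[str]] = {}
    for f in findings:
        out.setdefault(f.admin, []).append(
            f"{f.host}: {f.advisory_id} {f.status}, exposed {f.exposure_days} days")
    return out


# Constructed sample register, feed and assessment date.
ASSETS = [
    Asset("gw-01", "WebGateway", "2.2", "alice"),
    Asset("gw-02", "WebGateway", "2.3", "alice"),                 # already patched
    Asset("plc-07", "PLCFirmware", "5.0", "bob", critical=True),
    Asset("hmi-03", "HMIStation", "1.0", "bob"),                  # no advisory at all
]
ADVISORIES = [
    Advisory("ADV-0001", "WebGateway", frozenset({"2.1", "2.2"}), "2.3", date(2024, 1, 15)),
    Advisory("ADV-0002", "PLCFirmware", frozenset({"5.0"}), None, date(2024, 2, 20)),
]
TODAY = date(2024, 3, 1)

if __name__ == "__main__":
    for admin, lines in notifications(triage(ASSETS, ADVISORIES, TODAY)).items():
        print(f"To {admin}:")
        for line in lines:
            print("  " + line)
```

Run as-is, the script warns bob about the critical PLC that is a zero-day to this organisation (disclosed ten days ago, no fix available) and alice about the gateway that is an N-day (a fix has existed for 46 days but was never applied); the patched gateway and the unaffected HMI produce nothing. In a real deployment the advisory feed and register would come from the vulnerability management tooling, and the version check would need proper range comparison.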