Red Hot Cyber


What is a zero-day and the risk of targeted cyber attacks

Redazione RHC : 16 July 2025 11:05

Zero-day vulnerabilities are one of the greatest cybersecurity risks for organizations. These are unknown and unpatched vulnerabilities that attackers exploit to penetrate computer systems and compromise data security.

In this article, we’ll explore zero-day vulnerabilities, how they’re discovered, how hackers use them, their market, and what the best practices are to prevent and mitigate these attacks.

What is a zero-day vulnerability?

A zero-day vulnerability is a computer security vulnerability in software, an operating system, or an application that is unknown to the software manufacturer, users, and security experts. This means that developers have not yet had time to identify and fix the vulnerability, and therefore there is no patch or security update available to protect a software or hardware system.

Attackers can exploit a zero-day vulnerability to gain unauthorized access to a system, execute malicious code, install malware, steal information, or compromise data security. Because the vulnerability is unknown to the software vendor, attackers can use exploits undetected and without the software or operating system being able to defend itself.

Zero-day vulnerabilities can be discovered by security researchers, ethical hackers, or cybercriminals, and can be used to carry out highly targeted attacks against specific organizations or a broad audience of users. Since there is no solution available to immediately fix the zero-day vulnerability, organizations face a potentially critical security threat.

How zero-day vulnerabilities are discovered

Zero-day vulnerabilities can be discovered in several ways. In some cases, they are discovered accidentally or by chance by security experts or end users. However, most zero-day vulnerabilities are discovered through research techniques conducted by computer security experts and independent researchers.

These experts use a combination of automated and manual techniques to analyze software and operating system code, trying to identify security vulnerabilities. Security researchers can also use fuzzing techniques, which consist of generating random inputs for the software under test and then analyzing its behavior to identify errors or anomalous responses.
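As an added illustration of the fuzzing technique just described (this is example code, not part of the original article), here is a minimal mutation-based fuzzer in Python run against a constructed, deliberately buggy parser for a toy length-prefixed record format. Inputs the parser rejects cleanly are expected; any other exception is the "anomalous behavior" a researcher would investigate, and the triggering input is kept so the finding can be reproduced. The parser, its format and its bug are all assumptions made for this example.

```python
import random

def parse_record(data: bytes):
    """Constructed toy parser for <name_len:1><name><value_len:1><value>.
    Contract: raise ValueError on malformed input. Deliberate bug for the fuzzer
    to find: name_len is trusted, so a big value pushes the value_len read past the end."""
    if len(data) < 2:
        raise ValueError("record too short")
    name_len = data[0]
    name = data[1:1 + name_len]
    value_len = data[1 + name_len]          # IndexError when name_len overshoots
    return name, data[2 + name_len:2 + name_len + value_len]

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random edit: overwrite, insert, or delete a byte, or set one to 0xFF."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 1:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif op == 2 and buf:
        del buf[rng.randrange(len(buf))]
    elif buf:
        buf[rng.randrange(len(buf))] = 0xFF   # boundary value, good at exposing length bugs
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Mutation-based fuzz loop. Clean rejections (ValueError) are expected;
    any other exception is anomalous behavior and is saved with its input."""
    rng = random.Random(rng_seed)          # fixed seed keeps the run reproducible
    corpus = [seed]
    findings = []                          # (exception type, triggering input)
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
            corpus.append(candidate)       # accepted input becomes a new seed
        except ValueError:
            pass                           # expected rejection of malformed data
        except Exception as exc:           # crash-class behavior: a real bug
            findings.append((type(exc).__name__, candidate))
    return findings

def reproduce(target, data: bytes):
    """Re-run a saved finding: exception type name, or None if it now passes."""
    try:
        target(data)
    except Exception as exc:
        return type(exc).__name__
```

Running `fuzz(parse_record, b"\x04user\x05alice")` from a single valid seed turns up `IndexError` findings within a few hundred iterations; the same loop pointed at a real parser would record whatever unexpected exceptions or crashes that code produces.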

Additionally, security researchers can use bug bounty programs, where software developers pay security experts to identify and report vulnerabilities in their products. Bug bounty programs can incentivize security experts to invest time and resources in finding zero-day vulnerabilities.

It’s important to note that cybercriminals can also use the same research techniques to identify zero-day vulnerabilities and exploit them for malicious purposes. Therefore, computer security experts and independent researchers are required to respect the principles of professional ethics and follow responsible disclosure procedures to ensure that discovered vulnerabilities are reported to software vendors and fixed before they are exploited by attackers.

Types of zero-day vulnerability disclosure

Zero-day vulnerabilities can be disclosed to the community in several ways, each with its own advantages and disadvantages. Here are the main types of zero-day vulnerability disclosure:

  1. Responsible Disclosure: Responsible disclosure involves reporting the vulnerability to the software vendor or cloud service provider so it can be fixed before attackers exploit it. This process is typically handled by security researchers, security experts, and information security professionals who work with the software vendor to fix the vulnerability. Responsible disclosure can take several months to complete, but it offers the advantage of allowing software vendors to patch the vulnerability before it can be exploited by attackers.
  2. Public disclosure: Public disclosure involves disclosing the vulnerability to the public, without prior notification to the software vendor or cloud service provider. This process is typically used by independent researchers, ethical hackers, and activists to raise awareness of security vulnerabilities. Public disclosure can lead to the vulnerability being patched, but it can also cause significant damage, as attackers can exploit the vulnerability before it is patched.
  3. Third-party disclosure: Third-party disclosure involves reporting the vulnerability to third-party organizations, such as governments or intelligence agencies. Disclosure to third parties can result in the vulnerability being fixed, but it can also lead to its exploitation by third-party organizations, such as in espionage or cyberwarfare.
  4. Disclosure to private bug bounty programs: The vulnerability is sold to a private buyer, such as an intermediary, a specific cybersecurity firm, or an intelligence service. This route is often taken by hackers or security researchers seeking to monetize the vulnerabilities they have discovered without informing the vendor of the affected product. This type of disclosure can lead to the vulnerability being fixed, but it can also cause significant damage, as the buyer could use the vulnerability for malicious purposes, such as building it into espionage products that are then resold to governments or intelligence services (e.g., Pegasus, Karma, FinFisher, etc.).

In summary, zero-day vulnerabilities can be disclosed in several ways. Responsible disclosure is generally considered the best option, as it allows the software vendor to patch the vulnerability before it can be exploited by attackers and allows the computing community to update systems before they are exploited.

However, there are cases where public or third-party disclosure may be justified, such as when the software vendor fails to act promptly to patch the vulnerability, perhaps after months and months of reminders to fix the previously reported security bug.

Zero-day Brokers and Private Bug Bounty Programs

The reselling of zero-day vulnerabilities to zero-day brokers is a phenomenon that has developed in recent years and has raised several cybersecurity concerns. A zero-day broker is an intermediary who purchases zero-day vulnerabilities from security researchers (bug hunters) or other vendors and resells them to clients, such as governments, intelligence services, and cybersecurity firms.

Buying and selling zero-day vulnerabilities has become a highly lucrative market, as these vulnerabilities can be used to attack computer systems and compromise data security.

One of the most notorious cases of zero-day vulnerability use is the Pegasus surveillance software, developed by the Israeli company NSO Group. Pegasus has been used by several governments to spy on journalists, activists, and other sensitive targets. The software uses a combination of social engineering techniques and zero-day vulnerabilities to gain access to users’ devices and collect sensitive information. The vulnerabilities used by Pegasus were purchased from zero-day brokers and were not disclosed to the public or to software vendors.

The use of zero-day vulnerabilities in intelligence systems like Pegasus has raised several concerns about cybersecurity and user privacy. Zero-day vulnerabilities can be used to attack devices without users’ knowledge and without software vendors being able to patch the vulnerability. This means that users can be spied on or their sensitive information can be stolen without the users having any possibility of defense.

The most famous attacks that exploited zero-day vulnerabilities

Over the years, there have been several high-profile attacks that have exploited zero-day vulnerabilities to compromise the cybersecurity of organizations and individuals. Here are some examples of well-known zero-day attacks:

  1. Stuxnet: Stuxnet was a highly sophisticated cyberattack that targeted the Iranian nuclear program in 2010. The attack was developed by the United States and Israel and exploited four zero-day vulnerabilities to infect computer systems at the Natanz nuclear facility. The attack caused several centrifuges to malfunction, setting back Iran’s nuclear program by several years.
  2. WannaCry: WannaCry was a global ransomware attack that affected organizations around the world in 2017. The attack exploited a zero-day vulnerability in Windows to infect users’ computer systems. Once infected, the ransomware encrypted users’ files and demanded a payment in bitcoin to decrypt them.
  3. Pegasus: As we’ve seen previously, Pegasus was surveillance software developed by the Israeli company NSO Group. The software used several zero-day vulnerabilities to gain access to users’ devices and collect sensitive information. Pegasus has been used by several governments to spy on journalists, activists, and other sensitive targets.
  4. Hacking Team: Hacking Team was an Italian cybersecurity company that was hacked in 2015. The attack revealed that the company had sold zero-day vulnerabilities to governments and organizations for surveillance purposes. The attack has raised several concerns about cybersecurity and user privacy.

There have been several high-profile attacks that have exploited zero-day vulnerabilities to compromise cybersecurity, but preventing and mitigating zero-day attacks is very difficult and requires a combination of technical security solutions and good corporate security practices.

How to Prevent and Mitigate Zero-Day Attacks

Preventing zero-day attacks requires a combination of technical security solutions and good business practices. Here are some best practices for preventing and mitigating zero-day attacks:

  1. Regularly update your software: Software vendors regularly release security updates to fix known vulnerabilities. Make sure you regularly update the software on your computer and all other devices you use.
  2. Use advanced security solutions: Security solutions such as antivirus, firewalls, and advanced threat detection solutions can help detect and prevent zero-day attacks. Make sure you use up-to-date security solutions and configure them correctly to ensure the best possible protection.
  3. User education: Zero-day attacks often exploit human vulnerabilities, such as clicking a phishing link or downloading a malicious file. Be sure to educate users about security risks and provide cybersecurity training to reduce the risk of attacks.
  4. Constantly monitor systems: Constantly monitoring systems can help detect zero-day attacks before they cause significant damage. Be sure to monitor systems in real time and have a rapid response if an attack is detected.
  5. Collaborate with security experts: Collaborating with external security experts can help organizations identify and mitigate zero-day vulnerabilities. Be sure to work with trusted security experts and implement their recommendations to improve data security.

In conclusion, zero-day vulnerabilities pose a significant threat to organizations’ cybersecurity. However, implementing advanced technical security solutions and good business practices can help prevent and mitigate zero-day attacks. Be sure to be aware of security risks and adopt best practices to protect your systems and information.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
