Zero-Day Attacks – CompTIA A+ 220-1202 – 2.5

A zero-day attack takes advantage of a previously unknown vulnerability. In this video, you’ll learn about zero-day attacks and how organizations can react to a zero-day vulnerability.

Many of the applications and operating systems that we currently use have vulnerabilities. One of the problems, though, is that we’ve not found those vulnerabilities yet. The vulnerabilities are somewhere within the inner workings of those applications and operating systems, but we just haven’t found where they are quite yet. Fortunately, there are very smart people that are researching and trying to find these vulnerabilities before the attackers do.

Most of the time, these researchers, the good guys, work directly with the publishers and developers of the applications and operating systems to close those vulnerabilities before they’re found by someone else. Attackers, on the other hand, will very often find vulnerabilities in these operating systems but won’t tell anyone the vulnerability exists. That’s because they would like to exploit these vulnerabilities before anyone else knows the problem is even there.

A brand new vulnerability that has only recently been identified, and that may not yet have a sufficient mitigation, is referred to as a zero-day vulnerability. Attackers love to take advantage of these vulnerabilities because there may not be a patch available yet for the operating system or the application. Until a patch has been released, they can create exploits and try to take advantage of that vulnerability.

These vulnerabilities happen a lot more often than you might think, and one way to track them is through the CVE list. This is the Common Vulnerabilities and Exposures database, and you can find it at cve.mitre.org. Very often a zero-day vulnerability affects only a relatively small number of operating systems or applications. But there was one zero-day vulnerability that affected millions of devices that were publicly reachable over the internet.

This was the Log4j remote code execution vulnerability, and it was discovered on December the 9th of 2021. Log4j is a Java-based logging utility from Apache, and it is installed on millions of servers around the world. What’s interesting about this vulnerability is not just its size, but how long it had been sitting dormant. The code that allowed this vulnerability to exist was introduced on September the 14th of 2013, but we did not discover it until 2021.

Between December 9th and December the 14th, we had a zero-day vulnerability. Fortunately, a patch was released five days later, and a huge effort got underway to apply that patch to the millions of devices that were affected. It turns out that was not the only vulnerability associated with this software. Since so many people were affected, a lot more researchers started looking at the code of Log4j.

They found two additional issues that were fixed on December 17th. This is a very good example of how vulnerabilities can sit dormant inside of software until someone comes across a vulnerability that might affect millions of devices.
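How an organization might react once a vulnerability like this is announced, as an added example that is not part of the original transcript: before a patch can be applied to millions of devices, each organization first has to find every copy of the affected library it is running. The Python script below walks a directory tree, identifies log4j-core JAR files, reads each version from the JAR manifest (the standard Implementation-Version attribute, with the file name as a fallback) and reports every copy older than a fixed version the caller supplies. The sample JARs it builds are constructed for the demonstration and contain no real Log4j code, and the 9.0.0 threshold is a placeholder; the actual fixed version comes from the vendor advisory or the CVE record for the vulnerability.

```python
"""Inventory scan for outdated log4j-core JAR files.

Added example, not part of the original transcript. It finds log4j-core
JARs under a directory, reads each version from META-INF/MANIFEST.MF
(falling back to the file name) and flags every copy older than a
caller-supplied fixed version.
"""
import os
import re
import tempfile
import zipfile

# PLACEHOLDER: take the real fixed version from the vendor advisory / CVE record.
MIN_FIXED_VERSION = "9.0.0"

JAR_NAME_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)\.jar$")
MANIFEST_VERSION_RE = re.compile(r"^Implementation-Version:\s*(\S+)", re.MULTILINE)


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def jar_version(path):
    """Return the version tuple of a JAR, preferring the manifest over the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        match = MANIFEST_VERSION_RE.search(manifest)
        if match:
            return parse_version(match.group(1))
    except (zipfile.BadZipFile, KeyError, ValueError):
        pass  # corrupt JAR, missing manifest or non-numeric version: use the file name
    match = JAR_NAME_RE.match(os.path.basename(path))
    return parse_version(match.group(1)) if match else None


def find_vulnerable_jars(root, min_fixed_version):
    """Return [(path, version)] for every log4j-core JAR below min_fixed_version.

    Only log4j-core is matched here; widen the name check if your advisory
    names other artifacts.
    """
    fixed = parse_version(min_fixed_version)
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not (name.startswith("log4j-core-") and name.endswith(".jar")):
                continue
            path = os.path.join(dirpath, name)
            version = jar_version(path)
            if version is not None and version < fixed:
                findings.append((path, version))
    return findings


def build_sample_tree(root):
    """Create constructed sample JARs (empty archives with a manifest, no real Log4j code)."""
    with_manifest_version = {
        "app1/lib/log4j-core-2.14.1.jar": "2.14.1",
        "app2/WEB-INF/lib/log4j-core-2.11.0.jar": "2.11.0",
        "app3/lib/log4j-core-9.9.9.jar": "9.9.9",      # above the placeholder threshold
        "app4/lib/log4j-api-2.14.1.jar": "2.14.1",     # different artifact, not scanned
    }
    for rel, version in with_manifest_version.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF",
                         f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
    # A JAR whose manifest carries no version, forcing the file-name fallback.
    path = os.path.join(root, "app5/lib/log4j-core-2.13.0.jar")
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")


def scan_sample_tree(min_fixed_version=MIN_FIXED_VERSION):
    """Build the sample tree in a temp dir, scan it and return sorted (relative path, version)."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        findings = find_vulnerable_jars(root, min_fixed_version)
        return sorted((os.path.relpath(p, root).replace(os.sep, "/"), v) for p, v in findings)


if __name__ == "__main__":
    for rel_path, version in scan_sample_tree():
        print(f"{rel_path}: {'.'.join(map(str, version))} is below {MIN_FIXED_VERSION}")
```

In a real response, point `find_vulnerable_jars` at each server's application directories and feed the findings into the patching effort; the version comparison uses tuples rather than strings so that, for instance, a 2.9 release is correctly treated as older than a 2.14 release.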