Zero-Day Exploits on the Rise

Compliance Challenges and Unrealistic Budgets
March 10, 2020
Bounty Programs
March 10, 2020

Zero-Day Exploits on the Rise

A zero-day vulnerability is a flaw within a hardware or software system that developers didn’t discover during the testing process.

A zero-day vulnerability is a flaw within a hardware or software system that developers didn’t discover during the testing process.

That vulnerability can be exploited by malware to cause all sorts of problems. Zero-days are dangerous, prized vulnerabilities, and exploiting them is a favorite activity of malicious hackers. Once the flaw is revealed, programmers have “zero days” to do anything about it.

In January 2020, a Microsoft zero-day was discovered, involving Internet Explorer, that would allow someone to gain remote access to a computer. Also in January, Chinese hackers used a zero-day in the Trend Micro OfficeScan antivirus system used by Mitsubishi Electric to gain access to the company’s network.

The Italian spyware maker Hacking Team (HT) helped bring zero-days into the spotlight when it was found selling commercial hacking software to law enforcement agencies in countries all over the world. Data leaked from HT, along with a massive dump of 400 gigabytes of internal emails, revealed a number of zero-day exploits. The HT breach helped to shine a light on a growing zero-day marketplace, with information identifying certain exploits being sold for as much as $500,000.

Tools to exploit vulnerabilities will be in greater demand in the near future.