{"id":361372,"date":"2021-11-02T14:00:00","date_gmt":"2021-11-02T11:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/why-are-there-so-many-zero-day-security-holes\/"},"modified":"2021-11-02T14:00:00","modified_gmt":"2021-11-02T11:00:00","slug":"why-are-there-so-many-zero-day-security-holes","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/why-are-there-so-many-zero-day-security-holes\/","title":{"rendered":"#Why Are There So Many Zero-Day Security Holes?"},"content":{"rendered":"<p><strong>&#8220;#Why Are There So Many Zero-Day Security Holes?&#8221;<\/strong><\/p>\n<div>\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-762149 size-full\" srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/10\/Apple-iPhone-security-patch.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/10\/Apple-iPhone-security-patch.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/10\/Apple-iPhone-security-patch.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Apple iPhone showing security patch notification\" width=\"1200\" height=\"675\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-photo\/ios-software-update-page-apple-iphone-1988886704\" data-credittext=\"DVKi\/Shutterstock.com\" 
\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/ios-software-update-page-apple-iphone-1988886704\">DVKi\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>Cybercriminals use zero-day vulnerabilities to break into computers and networks. Zero-day exploits seem to be on the rise, but is that really the case? And can you defend yourself? We look at the details.<\/p>\n<h2 id=\"zero-day-vulnerabilities\"><span class=\"ez-toc-section\" id=\"Zero-Day_Vulnerabilities\"><\/span>Zero-Day Vulnerabilities<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A zero-day vulnerability is a bug in a piece of software. Of course, all complicated software has bugs, so why should a zero-day be given a special name? A zero-day bug is one that has been discovered by cybercriminals but the authors and users of the software don\u2019t yet know about it. And, crucially, a zero-day is a bug that gives rise to an exploitable vulnerability.<\/p>\n<p>These factors combine to make a zero-day a dangerous weapon in the hands of cybercriminals. They know about a vulnerability that no one else knows about. This means they can exploit that vulnerability unchallenged, compromising any computers that run that software. And because no one else knows about the zero-day, there will be no fixes or patches for the vulnerable software.<\/p>\n<p>So, for the short period between the first exploits taking place\u2014and being detected\u2014and the software publishers responding with fixes, the cybercriminals can exploit that vulnerability unchecked. 
Something overt like a ransomware attack is unmissable, but if the compromise is one of covert surveillance it might be a very long time before the zero-day is discovered. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/9670\/solarwinds-hack-what-happened-and-how-to-protect-yourself\/\">The infamous SolarWinds attack<\/a> is a prime example.<\/p>\n<p><strong>RELATED:<\/strong> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/9670\/solarwinds-hack-what-happened-and-how-to-protect-yourself\/\"><strong><em>SolarWinds Hack: What Happened and How To Protect Yourself<\/em><\/strong><\/a><\/p>\n<h2 id=\"who-uses-zero-day-vulnerabilities\"><span class=\"ez-toc-section\" id=\"Zero-Days_Have_Found_Their_Moment\"><\/span>Zero-Days Have Found Their Moment<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Zero-days aren\u2019t new. But what is particularly alarming is the significant increase in the number of zero-days being discovered. More than twice as many have been found in 2021 as in 2020. The final numbers for 2021 are still being collated\u2014we\u2019ve still got a few months to go, after all\u2014but indications are that around 60 to 70 zero-day vulnerabilities will have been detected by the year-end.<\/p>\n<p>Zero-days have a value to cybercriminals as a means of unauthorized entry to computers and networks. They can monetize them by executing ransomware attacks and extorting money from the victims.<\/p>\n<p>But zero-days themselves have a value. They are saleable commodities and can be worth huge sums of money to those who discover them. The black market value of the right kind of zero-day exploit can easily reach many hundreds of thousands of dollars, and some examples have exceeded $1 million. 
Zero-day brokers will <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/zerodium.com\/program.html\">buy and sell zero-day exploits<\/a>.<\/p>\n<p>Zero-day vulnerabilities are very difficult to discover. At one time they were only found and used by well-resourced and highly skilled teams of hackers, such as <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/8549\/from-lone-wolf-to-organised-crime-where-cyber-threats-come-from\/\">state-sponsored advanced persistent threat<\/a>\u00a0(APT) groups. The creation of many of the zero-days weaponized in the past has been attributed to APTs in Russia and China.<\/p>\n<p>Of course, with enough knowledge and dedication, any sufficiently accomplished hacker or programmer can find zero-days. White hat hackers are among the good guys who try to find them before the cybercriminals do. They deliver their findings to the relevant software house, which works with the security researcher who found the issue to close it off.<\/p>\n<p>New security patches are created, tested, and made available. They\u2019re rolled out as security updates. The zero-day is only announced once all the remediation is in place. By the time it becomes public, the fix is already out in the wild. The zero-day has been nullified.<\/p>\n<p>Zero-days are sometimes used in products. The NSO Group\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nsogroup.com\/\">controversial spyware product<\/a> Pegasus is used by governments to fight terrorism and maintain national security. It can install itself on mobile devices with little or no interaction from the user. A scandal broke in 2018 when Pegasus was reportedly used by several authoritarian states to conduct surveillance against their own citizens. 
Dissidents, activists, and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.amnesty.org\/en\/latest\/news\/2020\/06\/nso-spyware-used-against-moroccan-journalist\/\">journalists were being targeted<\/a>.<\/p>\n<p>As recently as September 2021, a zero-day affecting Apple iOS, macOS, and watchOS\u2014one that was being exploited by Pegasus\u2014was detected and analyzed by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/citizenlab.ca\/2021\/09\/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild\/\">The University of Toronto\u2019s Citizen Lab<\/a>. Apple released a series of patches on Sept.\u00a013, 2021.<\/p>\n<h2 id=\"why-the-sudden-surge-in-zero-days\"><span class=\"ez-toc-section\" id=\"Why_The_Sudden_Surge_in_Zero-Days\"><\/span>Why The Sudden Surge in Zero-Days?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>An emergency patch is usually the first indication a user receives that a zero-day vulnerability has been discovered. Software providers have schedules for when security patches, bug fixes, and upgrades will be released. But because zero-day vulnerabilities must be patched as soon as possible, waiting for the next scheduled patch release isn\u2019t an option. It\u2019s the out-of-cycle emergency patches that deal with zero-day vulnerabilities.<\/p>\n<p>If you feel like you\u2019ve been seeing more of those recently, it\u2019s because you have. 
All mainstream operating systems, many applications such as browsers, smartphone apps, and smartphone operating systems received emergency patches in 2021.<\/p>\n<p>There are several reasons for the increase. On the positive side, prominent software providers have implemented better policies and procedures for working with security researchers who approach them with evidence of a zero-day vulnerability. It\u2019s easier for the security researcher to report these defects, and the vulnerabilities are taken seriously. Importantly, the person reporting the issue is treated professionally.<\/p>\n<p>There\u2019s more transparency too. Both Apple and Android security bulletins now include more detail, including whether an issue was a zero-day and whether the vulnerability is likely to have been exploited.<\/p>\n<p>Perhaps because security is being recognized as a business-critical function\u2014and is being treated as such with budget and resources\u2014attacks have to be smarter to get into protected networks. We do know that not all zero-day vulnerabilities are exploited. Counting all of the zero-day security holes isn\u2019t the same as counting the zero-day vulnerabilities that were discovered and patched before cybercriminals found out about them.<\/p>\n<p>But still, powerful, organized, and well-financed hacking groups\u2014many of them APTs\u2014are working full-tilt to try to uncover zero-day vulnerabilities.\u00a0They either sell them, or they exploit them themselves. 
Often, a group will sell a zero-day after they\u2019ve milked it themselves, as it is approaching the end of its useful life.<\/p>\n<p>Because some companies don\u2019t apply security patches and updates in a timely fashion, a zero-day can enjoy an extended life even though the patches that counteract it are available.<\/p>\n<p>Estimates suggest that a third of all zero-day exploits are used for <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/14472\/what-is-ransomcloud-and-how-do-you-protect-yourself\/\">ransomware<\/a>. Big ransoms can easily pay for new zero-days for the cybercriminals to use in their next round of attacks. The ransomware gangs make money, the zero-day creators make money, and round and round it goes.<\/p>\n<p>Another school of thought says that cybercriminal groups have always been flat-out trying to uncover zero-days, and that we\u2019re just seeing higher figures because there are better detection systems at work. Microsoft\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/security\/blog\/microsoft-security-intelligence\/\">Threat Intelligence Center<\/a> and Google\u2019s <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.google\/threat-analysis-group\/\">Threat Analysis Group<\/a> along with others have skills and resources that rival intelligence agencies\u2019 capabilities at detecting threats in the field.<\/p>\n<p>With the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/11882\/how-to-migrate-servers-to-the-cloud-easily-with-awss-application-migration-service\/\">migration from on-premise to cloud<\/a>, it\u2019s easier for these types of monitoring groups to identify potentially malicious behaviors across many customers at once.\u00a0That\u2019s encouraging. 
We might be getting better at finding them, and that\u2019s why we\u2019re seeing more zero-days, and earlier in their life cycle.<\/p>\n<p>Are software authors getting sloppier? Is code quality dropping? If anything it should be rising with the adoption of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/2842\/how-to-get-started-with-awss-ci-cd-pipelines\/\">CI\/CD pipelines<\/a>, automated <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/3905\/what-is-unit-testing-and-why-is-it-important\/\">unit testing<\/a>, and a greater awareness that security must be planned in from the outset and not bolted on as an afterthought.<\/p>\n<p>Open-source libraries and toolkits are used in almost all non-trivial development projects. This can lead to vulnerabilities being introduced into the project. There are several <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/14406\/why-the-google-backed-secure-open-source-program-is-so-important\/\">initiatives<\/a> underway to try to address the issue of security holes in open-source software and to verify the integrity of downloaded software assets.<\/p>\n<h2 id=\"how-to-defend-yourself\"><span class=\"ez-toc-section\" id=\"How_To_Defend_Yourself\"><\/span>How To Defend Yourself<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Endpoint_security\">Endpoint protection<\/a> software can help with zero-day attacks. Even before the zero-day attack has been characterized and the antivirus and anti-malware signatures updated and sent out, anomalous or worrying behavior by the attack software can trigger the heuristic detection routines in market-leading endpoint protection software, trapping and quarantining the attack software.<\/p>\n<p>Keep all software and operating systems up to date, and patched. 
Remember to patch network devices too, including routers and switches.<\/p>\n<p>Reduce your attack surface. Only install required software packages, and audit the amount of open-source software you use. Consider favoring open-source applications that have signed up to artifact signing and verification programs, such as the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/sos.dev\/\">Secure Open Source<\/a> initiative.<\/p>\n<p>Needless to say, use a firewall and use its gateway security suite if it has one.<\/p>\n<p>If you\u2019re a network administrator, limit what software users can install on their corporate machines. Educate your staff members. Many zero-day attacks exploit a moment of human inattention. Provide cybersecurity awareness training sessions, and update and repeat them frequently.<\/p>\n<p><strong>RELATED:<\/strong> <strong><em>Windows Firewall: Your System&#8217;s Best Defense<\/em><\/strong><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/760042\/why-are-there-so-many-zero-day-security-holes\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Why Are There So Many Zero-Day Security Holes?&#8221; DVKi\/Shutterstock.com Cybercriminals use zero-day vulnerabilities to break into computers and networks. Zero-day exploits seem to be on the rise, but is that really the case? And can you defend yourself? We look at the details. 
Zero-Day Vulnerabilities A zero-day vulnerability is a bug in a piece of&#8230;<\/p>\n","protected":false},"author":1,"featured_media":361373,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/10\/Apple-iPhone-security-patch.png?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-361372","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/361372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=361372"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/361372\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/361373"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=361372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=361372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=361372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}