Real-world attacks: The hidden dangers of Zero-Day exploits
Javier Bernardo
Zero-day vulnerabilities represent some of the most critical and perilous threats in the digital domain, especially when it comes to geopolitics and cyberwarfare. These undisclosed flaws, unknown even to the software's own developers, give adversaries a potent weapon that can be used to infiltrate and disrupt critical infrastructure, steal sensitive information, or manipulate systems undetected.
In the context of international relations, zero-days are often seen as digital equivalents of stealth weapons, capable of tipping the balance in a cyber conflict. Nation-states may stockpile these vulnerabilities as part of their cyber arsenals, leveraging them to gain strategic advantages over rivals, influence political outcomes, or conduct covert operations without leaving a trace.
The unpredictability and potential impact of zero-day exploits make them a formidable tool in the modern era of cyberwarfare, where the battle for control and dominance increasingly plays out in the invisible realm of cyberspace.
7 recent real-world attacks
Here are some of the most recent and well-known zero-days in the world:
- MOVEit Transfer Vulnerability (2023): This vulnerability affected the MOVEit Transfer software, used for secure file transfers. It allowed remote code execution, which was exploited by malicious actors to gain access to systems and exfiltrate data.
- Fortinet SSL-VPN Vulnerability (CVE-2023-27997): This vulnerability in Fortinet's SSL-VPN allowed attackers to remotely execute code on vulnerable devices. It was exploited in the wild before Fortinet released a patch.
- Microsoft Exchange ProxyNotShell (2022): A set of vulnerabilities in Microsoft Exchange that allowed attackers to perform remote code execution (RCE) and gain privileged access to servers. These exploits were used in targeted attacks before they were publicly disclosed and patches were released.
- Google Chrome Zero-Day (CVE-2023-4863): A zero-day vulnerability in Google Chrome, actively exploited, allowed attackers to execute arbitrary code on affected systems. Google released a patch shortly after the vulnerability was revealed.
- Apple iOS Zero-Days (2023): Several zero-day vulnerabilities in iOS were exploited in the wild, allowing attackers to compromise iPhone devices through remote code execution and privilege escalation.
Both Log4Shell and ProxyLogon were highly critical vulnerabilities, but they are not classified as zero-day vulnerabilities.
- Log4Shell (CVE-2021-44228): While this vulnerability was extremely dangerous and widespread, it was not a zero-day because it was publicly disclosed and then exploited after the disclosure. Once it was revealed, attackers quickly began exploiting it, leading to a global scramble to patch affected systems.
- ProxyLogon: The vulnerabilities under the ProxyLogon umbrella were also disclosed publicly and then rapidly exploited in the wild. Like Log4Shell, ProxyLogon became a significant issue after it was disclosed, with patches being released by Microsoft, but attackers leveraged the window of time between disclosure and patching to launch widespread attacks.
In both cases, while the vulnerabilities had severe consequences, they were not zero-days because they were not exploited before being known to the software vendors and the public. Zero-day vulnerabilities are, by definition, exploited before the vendor or public is aware of the flaw and before a patch is available.