Over 60% of ransomware attacks in 2024 utilized zero-day exploits, resulting in damages worth billions of dollars. Cybercrime is estimated to cost the world USD 10.5 trillion by 2025, according to Cybersecurity Ventures.

Let us look at why zero-days are dangerous, how zero-day exploits are found, the most significant incidents around the world, what we will see in 2025, and what you can do to combat zero-days with a good response plan.

Why Zero-Days are a Big Problem

A zero-day exploit targets a vulnerability in software, hardware, or firmware before the vendor or the security community knows of it. The attacker can exploit these vulnerabilities to steal data, deploy ransomware, or disrupt a service without anyone initially being aware of it. There is no patch or signature for a defense at the moment an organization becomes aware of a zero-day exploit; there is simply no time to defend against the attack vector.

How Zero-Days are Found

Fuzz Testing: Automated Vulnerability Search

Fuzz testing involves the user inputting random or malformed data into an application, then checking for unexpected behaviors (such as crashing) that often indicate a bug is present underlying the unexpected behavior. Modern fuzzers, such as AFL++ and Google’s OSS-Fuzz, employ techniques that leverage coverage-guided and AI-assisted risk-aware code coverage approaches, ultimately identifying higher-risk paths in code. OSS-Fuzz, since its inception, has identified over 8,000 critical bugs in open-source projects (Google Security Blog, 2024). Once fuzzing has been integrated into a CI/CD pipeline, it provides teams with the opportunity to discover potential vulnerabilities and prevent them during the development process.

Bug Bounty Programs: Paying the Hackers to Help Us

Bug bounty programs allow organizations to provide incentives to external researchers to discover and disclose defects to the researcher’s specifications. Platforms such as HackerOne or Bugcrowd help facilitate these relationships between organizations and ethical hackers. In 2024, Google paid out over $10 million to successful vulnerability rewards, demonstrating the proactive nature of these discovery programs. Well-designed bug bounty programs can reduce the chances of zero days being sold to the black market.

The Biggest Zero-Day Attacks in History

Stuxnet (2010): This worm exploited four chained Windows zero-days (CVE-2010-2568) that enabled it to bypass multiple layers of security and gain control of SCADA systems, ultimately sabotaging the Iranian nuclear program. Stuxnet proved that isolating critical systems and keeping industrial technology current are requirements, not negotiable.

EternalBlue (2017): A stolen exploit from the NSA (CVE-2017-0144) that took advantage of a Windows exploit helped spawn the WannaCry and NotPetya ransomware attacks that locked out over 300,000 systems worldwide. A lesson learned that delaying patching creates risk.

Log4Shell (2021): A zero-day flaw in Apache Log4j (CVE-2021-44228) was exploited, allowing attackers to remotely execute their code on impacted cloud-based systems and enterprise applications. This incident highlighted the importance of Software Bill of Materials (SBOM) tools to help track our third-party open-source components.

MOVEit (2023):The SQL injection zero-day (CVE-2023-34362) in MOVEit Transfer helped the CL0P gang easily steal an unknown amount of data from over 2,700 organizations and provided insight into our vulnerabilities through the supply chain

What’s Coming in 2025

Cybercriminals are not going to surrender, and zero-days are evolving quickly. The implications include:

• Artificial Intelligence Attacks: Hackers are employing AI-powered fuzzers to identify vulnerabilities quicker than before, and they are increasingly simulating real-world traffic so they can infiltrate your defenses.
• Dark Web Purchases: Zero-day exploits are now being sold on dark-web markets as subscriptions, with costs ranging from $100,000 to $10,000,000.
• Ransomware’s Next Step: Ransomware groups are also buying zero-days to get into systems, which makes the attacks targeted and even more lethal.
• Internet of Things Vulnerabilities: With estimates that by 2025 there will be over 20 billion things connected to the Internet, there are plenty of unpatched firmware vulnerabilities in smart cities and smart factories.
• Cloud Environments Vulnerabilities: Unprotected organizations’ misconfigured cloud environments, in particular Kubernetes, are now a prime target for zero-days.

Fighting Back: A Zero-Day Response Plan

Utilizing the NIST “Incident Response Life Cycle” (SP 800-61R2), here is a strategic plan for dealing with a zero-day:

Remain Ahead of the Game with Threat Intel

• Watch Feeds: Monitor CISA’s Known Exploited Vulnerabilities list, MITRE ATT&CK, etc., and tools like Recorded Future to glean insight on early threat detection.
• JOIN ISACs: Join an Information Sharing and Analysis Center for your specific industry to gather real-time attack data and countermeasures, and then immediately do something with it.

Virtual Patching: Buying Time

When a vendor patch isn’t ready, use these workarounds:

Best Practices to Take on

• Spot It: Use tools like Nagios to identify troubling behavior and determine the impacted systems.
• Contain It: Block infected endpoints/services or turn off vulnerable services.
• Fix It: Deploy patches or temporary fixes and/or restore clean systems from backups.
• Clean It Up: Look for hidden threats or ways hackers may return.
• Learn from It: Reconfigure your defenses and test more code to mitigate future attacks.

Using Nagios to Stay Safe from Zero-Days

Nagios XI is a powerful tool that helps keep your systems safe by monitoring for any unusual activity in your network, such as unexpected spikes in data or changes in your apps. It monitors everything from your servers to your applications, quickly spotting signs of a zero-day attack. With quick alerts, Nagios XI lets you act fast to stop problems before they grow into bigger issues. Nagios XI also works in offline setups, keeping your systems less exposed.

Wrapping Up

Zero-day exploits present a significant challenge, and it should be acknowledged that attackers have the advantage on a zero-day. However, with some proactive measures, the advantage can shift from attackers to defenders. By incorporating fuzzing during development, engaging ethical hackers, and properly conducting a response plan, organizations can reduce their risks posed by zero-days. By continually testing and improving their defenses, organizations can stay ahead of the ever-evolving threat landscape.

Glossary

• eBPF: A Linux tool for monitoring system behavior in real time.
• JNDI: A Java interface exploited in Log4Shell attacks.
• SBOM: A list of all software components to track vulnerabilities.
• Fuzzing: A testing technique that inputs random or malformed data to uncover software vulnerabilities.
• Virtual Patching: Temporary security measures to block exploits until vendor patches are available.

In December 2020, hackers slipped malicious updates into SolarWinds’ Orion platform, hitting over 18,000 organizations with data breaches and ransomware attacks. A year later, the Log4j vulnerability put millions of systems at risk with just one line of Java code. A 2022 Security Magazine report says software quality issues cost the U.S. economy $2.41 trillion.

This article breaks down the risks of third-party software, explains what to look for, and shares practical steps to keep your systems secure.

Why Third-Party Software Risks Matter

Third-party software, including open-source libraries, commercial packages, and cloud services, is essential to modern applications but introduces significant vulnerabilities. Weaknesses in these components can lead to data breaches, operational disruptions, or regulatory penalties under standards like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). A 2023 Cybersecurity Ventures report noted that supply-chain attacks are a growing threat, with third-party software as a primary attack vector. By proactively managing these risks, businesses can safeguard their systems and maintain trust.

Steps to Assess and Mitigate Risks

1. Map Your Software Ecosystem

You can’t protect what you don’t know about. Start by listing all the software your applications use.

Make a Software Bill of Materials (SBOM) to track everything from open-source libraries to commercial tools and cloud services like APIs or SaaS platforms. Tools like CycloneDX or System Package Data Exchange (SPDX) create clear visuals of how your software connects, including hidden dependencies. Check this list every three months to catch any changes.

Benefit: Helps you see all the software you rely on.

2. Evaluate Risk Factors

Look closely at your software to find risks that could cause trouble.

Examine how often open-source projects are updated and who’s working on them using platforms like GitHub or GitLab. Active projects with many contributors are usually safer. Use the National Vulnerability Database (NVD) to check for known issues and their severity. Make sure software licenses, like General Public License (GPL) or Massachusetts Institute of Technology (MIT), won’t cause legal problems, using tools like FOSSA to verify.

Benefit: Pinpoints risky software so you can act fast.

3. Leverage Automated Scanning Tools

Integrate Software Composition Analysis (SCA) into your continuous integration/continuous deployment (CI/CD) pipeline for early detection.

Use tools like the Open Worldwide Application Security Project (OWASP) Dependency-Check to scan for known vulnerabilities or Snyk for real-time alerts and remediation guidance. Run scans on each pull request via GitHub Actions or Jenkins, adjusting severity thresholds to minimize false positives.

Benefit: Detects issues before they reach production.

4. Conduct Manual Reviews

Manual reviews complement automation for deeper insights.

Verify cryptographic signatures, such as GPG or Secure Hash Algorithms (SHA), for software binaries and updates to prevent tampering. Review open-source project commit histories for suspicious activity, such as unverified contributors or sudden contribution spikes.

Benefit: Uncovers risks that automated tools may miss.

5. Assess Vendor Security

Not all software or cloud services are built with security in mind.

Ask vendors about their security practices using questionnaires like Standardized Information Gathering (SIG) or the Cloud Security Alliance’s Consensus Assessment Initiative Questionnaire (CSA CAIQ), focusing on encryption, incident response, and access controls. Check for certifications like System and Organization Controls (SOC) 2 or information security standard (ISO) 27001, and look for weaknesses, like poor authentication. Review vendors yearly or after any security issues.

Benefit: Makes sure your vendors meet high security standards.

6. Prioritize and Remediate Risks

Not all vulnerabilities are equal. Sort them by how serious they are.

Focus on critical issues with high Common Vulnerability Scoring System (CVSS) scores (above 8.0) in widely used software that hackers already know how to exploit. Tackle moderate issues (CVSS 4.0–7.9) in less critical systems next. Ignore minor issues with no known exploits unless they’re easy to fix. You can patch problems, swap risky software for safer options like Simple Logging Facade for Java (SLF4J) instead of Logging for Java (Log4j), or isolate weak components using network separation or tools like Docker.

Benefit: Saves time by tackling the most dangerous threats first.

7. Implement Continuous Monitoring

Ongoing vigilance is essential to manage dynamic supply chain risks.

Sign up for vendor security alerts and Common Vulnerabilities and Exposure (CVE) updates through tools like Snyk or Black Duck. Use zero-trust principles to check every piece of software regularly. Try AI-powered tools like Synopsys Polaris to spot unusual patterns in software vulnerabilities.

Benefit: Maintains security in an evolving threat landscape.

Risk Assessment Checklist

Final Thoughts

Third-party software can expose your business to serious risks, but you can tackle them with the right steps: map your software, check for vulnerabilities, use automated tools, do manual reviews, review vendors, prioritize fixes, and keep monitoring for threats.

In today’s connected world, cyberattacks are inevitable. Take action now to strengthen your defenses and stay ahead of threats.