What is a zero-day phishing attack?


Defining zero-day threats and vulnerabilities

A zero-day vulnerability is a security flaw that attackers discover, and often begin exploiting, before the software's owner knows it exists, so no patch is available. The name refers to how many days the vendor has had to fix it: zero. An attack that exploits such a flaw is a zero-day attack, and the possibility that unknown, unpatched flaws exist in any system is the zero-day threat. Malicious actors and cybercriminals use these attacks to damage systems or steal data.

Phishing and spear-phishing are among the most common delivery methods for zero-day attacks. Google reported in 2019 that 68% of the phishing emails Gmail blocks each day are new variations never seen before. The FBI's Internet Crime Complaint Center recorded almost 500,000 complaints in its 2019 Internet Crime Report (published in 2020), with total losses exceeding $3.5 billion; business email compromise alone accounted for about half of that, over $1.7 billion.

Why zero-day attacks are so dangerous

Cybercriminals routinely maintain intelligence on zero-day vulnerabilities and reserve them for attacks on high-value targets. It's always the hits you don't see coming that cause the most damage: when an attack exploits a flaw that is not yet known, the vendor has had no time to fix it and defenders have no signature with which to detect it.

Worse, once the attack does become known there is usually a window before the vendor can develop and ship a fix. That window is open season for copycat attacks while nervous customers wait for a priority patch.

Why traditional security technology is insufficient for zero-day attack prevention

Many people and organizations mistakenly believe that email is an inherently secure method for business communications. Much of this overconfidence stems from the claims made for traditional security technology, but these tools fall short in preventing zero-day attacks. Employees at companies using secure email gateways still find advanced phishing emails reaching their inboxes, and at that point a single click can give the attacker a foothold on the network.

Secure email gateways rely on traditional, reactive methodologies: they take samples from active, ongoing attacks and derive signatures, hashes and reputation data to block repeats of those attacks. Modern phishing attacks are far more sophisticated than in the past, and attackers rotate their lures, domains and infrastructure so quickly that a defense built from yesterday's samples cannot keep up; by definition it holds no sample of a zero-day.

Another way secure email gateways recognize attacks is by observing high-volume spam patterns. Attackers have adjusted here too, moving to low-volume targeted attacks, often only a handful of messages per organization, that never reach the thresholds spam filters look for. These attackers rely on tried-and-true confidence tricks, such as impersonating trusted individuals or vendors the employees already know.

As fast as vendors patch their systems, attackers develop new ways to exploit the next zero-day vulnerability. To stop phishing attacks from eroding trust, brand value and company data security, organizations need to move beyond traditional security tools and look to more intelligent email protection technologies.

Real-world case: Zimbra email theft

A series of spear-phishing campaigns recently targeted European government and media organizations via a zero-day cross-site scripting (XSS) vulnerability in the Zimbra email platform. The perpetrators preceded the attack with an elaborate reconnaissance campaign: they sent emails containing no malicious links at all to assess which recipients were most likely to open the follow-on messages.

These emails did not trigger internal security measures because the only external content they carried was a remote image, the standard tracking pixel used for analytics and metrics in marketing email. The attackers made the image URL unique to each recipient, so every fetch of an image told them which addresses were valid and which recipients actually opened the message.

With a list of responsive leads, the attackers sent malicious emails in four waves. Each contained links to attacker-controlled infrastructure, using a specially crafted URL format that exploited the zero-day XSS flaw to inject JavaScript into the Zimbra webmail page. Because that script ran inside the victim's authenticated webmail session, it could read the mailbox directly: users who clicked the link had their entire inbox stolen.

So why didn't secure email gateways and spam filters detect and prevent this attack? Because every stage mirrored a common marketing practice: a low-volume mailing carrying a tracking pixel, followed by a campaign with per-recipient links. Nothing in the messages matched a known sample or a spam-volume pattern, so nothing was flagged.
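The two-stage pattern in the Zimbra case, a link-free beacon mailing followed by links to the recipients who opened, is something a mail-flow analysis can look for even when no sample of the exploit exists. The following is an added example, not code from the original article or from Egress or Zimbra: it groups a batch of messages by sender domain and day, flags low-volume mailings whose only external content is a per-recipient image URL, flags a later mailing from the same sender that adds links for those same recipients, and contrasts that with what a plain volume threshold would see. The message layout, sender names, hosts, dates and the threshold of 50 recipients are all constructed assumptions for illustration.

```python
"""Spot a low-volume beacon mailing and its link-bearing follow-up.

Added example; not code from the original article, Egress or Zimbra.
All senders, hosts, dates and thresholds below are constructed.
"""
from collections import defaultdict
from html.parser import HTMLParser


class _RefCollector(HTMLParser):
    """Collect remote <img src> and <a href> URLs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").startswith("http"):
            self.images.append(a["src"])
        elif tag == "a" and (a.get("href") or "").startswith("http"):
            self.links.append(a["href"])


def extract_refs(html):
    """Return (remote image URLs, external link URLs) found in an HTML body."""
    p = _RefCollector()
    p.feed(html)
    return p.images, p.links


def summarize_mailings(messages):
    """Group messages by (sender domain, day); summaries come back in day order."""
    groups = defaultdict(list)
    for m in messages:
        groups[(m["from"].split("@")[-1], m["day"])].append(m)
    out = {}
    for key, msgs in sorted(groups.items(), key=lambda kv: kv[0][1]):
        recipients = {m["to"] for m in msgs}
        images, links = set(), 0
        for m in msgs:
            imgs, lnks = extract_refs(m["html"])
            images.update(imgs)
            links += len(lnks)
        out[key] = {
            "recipients": recipients,
            # Every recipient got a different image URL: a tracking beacon.
            "beacon": len(images) >= 2 and len(images) == len(recipients),
            "links": links,
        }
    return out


def find_recon(messages, max_recipients=50):
    """Sender domains whose small mailing is beacon-only (remote images, no links)."""
    return sorted({dom for (dom, _day), s in summarize_mailings(messages).items()
                   if s["beacon"] and s["links"] == 0
                   and len(s["recipients"]) < max_recipients})


def find_followups(messages):
    """Sender domains that later sent links to recipients they had beaconed."""
    beaconed = defaultdict(set)  # domain -> recipients seen in beacon-only mail
    flagged = set()
    for (dom, _day), s in summarize_mailings(messages).items():  # day order
        if s["links"] and s["recipients"] & beaconed[dom]:
            flagged.add(dom)
        if s["beacon"] and s["links"] == 0:
            beaconed[dom] |= s["recipients"]
    return sorted(flagged)


def volume_filter(messages, threshold=50):
    """What a volume-based spam rule sees: domains sending >= threshold messages."""
    counts = defaultdict(int)
    for m in messages:
        counts[m["from"].split("@")[-1]] += 1
    return sorted(d for d, n in counts.items() if n >= threshold)


def _msg(sender, to, day, html):
    return {"from": sender, "to": to, "day": day, "html": html}


# Constructed sample traffic: three targets, a beacon mailing, a follow-up
# two days later to the two who opened, and a legitimate high-volume newsletter.
TARGETS = [f"user{i}@ministry.example" for i in range(3)]
SAMPLE = []
for i, t in enumerate(TARGETS):
    SAMPLE.append(_msg("press@newsdesk.example", t, 1,
        f'<p>Press briefing</p><img src="https://cdn.newsdesk.example/o/{1000 + i}.gif">'))
for i, t in enumerate(TARGETS[:2]):
    SAMPLE.append(_msg("press@newsdesk.example", t, 3,
        f'<a href="https://cdn.newsdesk.example/r/{2000 + i}">Read more</a>'
        f'<img src="https://cdn.newsdesk.example/o/{3000 + i}.gif">'))
for i in range(60):
    SAMPLE.append(_msg("news@shop.example", f"c{i}@customer.example", 1,
        f'<a href="https://shop.example/sale?u={i}">Sale</a>'
        f'<img src="https://track.shop.example/p/{i}.gif">'))

if __name__ == "__main__":
    print("beacon-only recon mailings:", find_recon(SAMPLE))
    print("link follow-ups to beaconed recipients:", find_followups(SAMPLE))
    print("domains a volume rule would notice:", volume_filter(SAMPLE))
```

On the constructed sample, the volume rule notices only the legitimate newsletter, while the per-recipient beacon and the follow-up correlation both single out the five-message targeted campaign. The heuristic is deliberately narrow (a newsletter that also uses per-recipient pixels carries links from the start, so it never enters the beaconed set) and is meant as a triage signal to combine with sender reputation, not a verdict on its own.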

Intelligent email protection with Egress Defend

Attackers run circles around traditional email security solutions by exploiting every system's most significant vulnerability: human behavior. Today's sophisticated attacks apply the techniques of elaborate confidence scams, using email as the way in to compromise endpoints and reach vulnerable systems.

Egress Defend combines zero-trust models with advanced machine learning and natural language processing to detect and neutralize even the most sophisticated phishing attacks.