Netflix’s ‘Zero Day’—What Exactly Is A Zero Day Cyberattack?

Netflix’s Zero Day is already making waves, with many fans saying they have binged watched the new thriller show. Starring Robert De Niro, Jesse Plemons and Lizzy Caplan, Zero Day follows a former president (De Niro) as he sets up a task force to respond to a massive cyber-attack.

The show is accessible to anyone, but Zero Day does depict a term used regularly in cybersecurity circles. The situation it describes — a massive cyber-attack taking out multiple services across many operating systems — is fictional, although possible.

The closest real-life example of such an event is the CrowdStrike incident last year which caused millions of Microsoft Windows Systems to fail. However it wasn’t due to a cyber-attack and happened due to a botched update.

Zero Day on Netflix certainly depicts a frightening possibility, so what is a zero day as described in the Netflix series?

What Is A Zero Day?

In cybersecurity, zero day is a commonly used phrase to describe a vulnerability in software that has not yet been fixed. The term zero day stems from the fact that it’s out there and known to the vendor, and there are zero days to issue a fix. It’s therefore a race against time for the vendor responsible for the operating system to issue a patch for the flaw, before attackers can get hold of the details.

As a cybersecurity journalist, I often write about zero day vulnerabilities, which sadly can end up being used in real-life attacks. Apple, for example, just patched a major bug in iOS 18.3.1 that was being used by adversaries to attack iPhones.

In the Netflix show, the term zero day is used by President Evelyn Mitchel (Angela Bassett) when she updates her predecessor played by Robert De Niro following the massive cyber-attack that halts critical services including the subway, all businesses, and grounds flights. However, it’s not just a zero day in one operating system, for example iOS.

In the show, they suspect attackers have simultaneously taken advantage of many zero day vulnerabilities across multiple very different operating systems — iOS, Google Android, Windows and even the supervisory control and data and acquisition (SCADA) based systems that underpins critical infrastructure such as power stations. So there are multiple zero days, all exploited at the same time. This allows adversaries to put a halt to all systems at once for a set time in a major cyberattack.

Which Attackers Take Advantage Of Zero Day Flaws?

In real life, multiple types of attackers take advantage of zero day flaws. They can be motivated by money or political gain in the case of nation state adversaries. In the Netflix show, experts think nation state backed adversaries are responsible for the attack, probably from Russia.

Would Zero Day Happen In Real Life?

The impact of the cyberattack in Netflix’s Zero Day is scary, but could this really happen in real life? Experts don’t think so. “While the possibility of zero day vulnerabilities being leveraged to attack critical national infrastructure is accurate, the means to do so across diverse and distributed systems nationwide at the same moment is unlikely,” says Ben Hutchison, associate principal consultant at Black Duck. “It would need an adversary to compromise multiple widespread systems — each of which have their own constraints and complexities.”

In the Netflix show, the collective attack simultaneously impacting the internet across all networks and industries looks “catastrophic”, says Jake Moore, global cybersecurity advisor at ESET.

However, the chance of this actually happening is “still pretty small,” he says. “A cyber disaster could come in many forms, but the most harmful would be a simultaneous targeted attack on critical infrastructure, such as the banks, hospitals and the government. “We have so many fail safe back up systems across communication channels that a major wipe off grid would take something pretty huge to occur.”

So Netflix’s Zero Day does show something that could technically be possible, but it’s unlikely to play out like that in real life. The new show is TV and it’s fiction, so just enjoy it for what it is.