What is a 'Zero Day Attack'

Zero Day Attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users. The solution is called a software patch. Zero-day attacks can also be used to attack the internet of things (IoT).

A zero-day attack gets its name from the number of days the software developer has known about the problem: zero.

BREAKING DOWN 'Zero Day Attack'

A zero day attack can involve malware, spyware, or unauthorized access to user information. Users can protect themselves against zero day attacks by setting their software – including operating systems, antivirus software, and internet browsers – to update automatically and by promptly installing any recommended updates outside of regularly scheduled updates. That being said, having updated antivirus software will not necessarily protect a user from a zero day attack, because until the software vulnerability is publicly known, the antivirus software may not have a way to detect it. Host intrusion prevention systems also help to protect against zero day attacks by preventing and defending against intrusions and protecting data.

Think of a zero-day vulnerability as an unlocked car door that the owner thinks is locked but a thief discovers is unlocked. The thief can get in undetected and steal things from the car owner’s glove compartment or trunk that may not be noticed until days later when the damage is already done and the thief is long gone.

While zero-day vulnerabilities are known for being exploited by criminal hackers, they can also be exploited by government security agencies who want to use them for surveillance or attacks. In fact, there is so much demand for zero-day vulnerabilities from government security agencies that they help to drive the market for buying and selling information about these vulnerabilities and how to exploit them.

Zero day exploits may be disclosed publicly, disclosed only to the software vendor, or sold to a third party. If they are sold, they can be sold with or without exclusive rights. The best solution to a security flaw, from the perspective of the software company responsible for it, is for an ethical hacker or white hat to privately disclose the flaw to the company so it can be fixed before criminal hackers discover it. But in some cases, more than one party must address the vulnerability to fully resolve it, so a complete private disclosure may be impossible.

In the dark market for zero-day information, criminal hackers exchange details about how to break through vulnerable software to steal valuable information. In the gray market, researchers and companies sell information to militaries, intelligence agencies, and law enforcement. In the white market, companies pay white hat hackers or security researchers to detect and disclose software vulnerabilities to developers so they can fix problems before criminal hackers find them.

Depending on the buyer, the seller, and the usefulness, zero day information might be worth a few thousand to several hundred thousand dollars, making it a potentially lucrative market to participate in. Before a transaction can be completed, the seller should provide a proof-of-concept (PoC) to confirm the zero-day exploit’s existence. For those who want to exchange zero-day information undetected, the Tor network allows for zero day transactions to be conducted anonymously using Bitcoin.

Zero-day attacks may be less of a threat than they sound. Governments may have easier ways to spy on their citizens, and zero days may not be the most effective way to exploit businesses or individuals. An attack must be deployed strategically and without the target’s knowledge to have maximum effect. Unleashing a zero-day attack on millions of computers at once could reveal the vulnerability’s existence and get a patch released too quickly for the attackers to accomplish their ultimate goal.

Examples of Zero Day Attacks

In April 2017, Microsoft was made aware of a zero-day attack on its Microsoft Word software. The attackers used malware called the Dridex banker trojan to exploit a vulnerable and unpatched version of the software. The trojan allowed the attackers to embed malicious code in Word documents, which was automatically triggered when the documents were opened. The attack was discovered by antivirus vendor McAfee, which notified Microsoft of its compromised software. Although the zero-day attack was unearthed in April, millions of users had already been targeted since January.
