What is a 'Zero Day Attack'

Zero Day Attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users. The solution is called a software patch. Zero-day attacks can also be used to attack the internet of things (IoT).

A zero-day attack gets its name from the number of days the software developer has known about the problem.

BREAKING DOWN 'Zero Day Attack'

A zero day attack can involve malware, spyware, or unauthorized access to user information. Users can protect themselves against zero day attacks by setting their software – including operating systems, antivirus software, and internet browsers – to update automatically and by promptly installing any recommended updates outside of regularly scheduled updates. That being said, having updated antivirus software will not necessarily protect a user from a zero day attack, because until the software vulnerability is publicly known, the antivirus software may not have a way to detect it. Host intrusion prevention systems also help to protect against zero day attacks by preventing and defending against intrusions and protecting data.

Think of a zero-day vulnerability as an unlocked car door that the owner thinks is locked but a thief discovers is unlocked. The thief can get in undetected and steal things from the car owner’s glove compartment or trunk that may not be noticed until days later when the damage is already done and the thief is long gone.

While zero-day vulnerabilities are known for being exploited by criminal hackers, they can also be exploited by government security agencies who want to use them for surveillance or attacks. In fact, there is so much demand for zero-day vulnerabilities from government security agencies that they help to drive the market for buying and selling information about these vulnerabilities and how to exploit them.

Zero day exploits may be disclosed publicly, disclosed only to the software vendor, or sold to a third party. If they are sold, they can be sold with or without exclusive rights. The best solution to a security flaw, from the perspective of the software company responsible for it, is for an ethical hacker or white hat to privately disclose the flaw to the company so it can be fixed before criminal hackers discover it. But in some cases, more than one party must address the vulnerability to fully resolve it so a complete private disclosure may be impossible.

In the dark market for zero-day information, criminal hackers exchange details about how to break through vulnerable software to steal valuable information. In the gray market, researchers and companies sell information to militaries, intelligence agencies, and law enforcement. In the white market, companies pay white hat hackers or security researchers to detect and disclose software vulnerabilities to developers so they can fix problems before criminal hackers find them.

Depending on the buyer, the seller, and the usefulness, zero day information might be worth a few thousand to several hundred thousand dollars, making it a potentially lucrative market to participate in. Before a transaction can be completed, the seller should provide a proof-of-concept (PoC) to confirm the zero-day exploit’s existence. For those who want to exchange zero-day information undetected, the Tor network allows for zero day transactions to be conducted anonymously using Bitcoin.

Zero-day attacks may be less of a threat than they sound like. Governments may have easier ways to spy on their citizens and zero days may not be the most effective way to exploit businesses or individuals. An attack must be deployed strategically and without the target’s knowledge to have maximum effect. Unleashing a zero-day attack on millions of computers at once could reveal the vulnerability’s existence and get a patch released too quickly for the attackers to accomplish their ultimate goal.

Examples of Zero Day Attacks

In April 2017, Microsoft was made aware of a zero-day attack on its Microsoft Word software. The attackers used a malware called Dridex banker trojan to exploit a vulnerable and unpatched version of the software. The trojan allowed the attackers to embed malicious code in Word documents which automatically get triggered when the documents are opened. The attack was discovered by antivirus vendor McAfee which notified Microsoft of its compromised software. Although the zero-day attack was unearth in April, millions of users had already been targeted since January.

RELATED TERMS
  1. Advanced Persistent Threats (APT)

    An Advanced Persistent Threat (APT) is a large-scale, sophisticated, ...
  2. Supply Chain Attack

    A supply chain attack is a cyberattack that attempts to inflict ...
  3. Eavesdropping Attack

    An eavesdropping attack is an incursion where someone tries to ...
  4. Intrusion Detection System (IDS)

    An Intrusion Detection System (IDS) is a computer program that ...
  5. Business Software & Services Industry ...

    An exchange-traded fund (ETF) that invests in business software ...
  6. Ransomware

    Ransomware is a cyber-extortion tactic that uses malicious software ...
Related Articles
  1. Investing

    WannaCry Hackers Threaten Another Microsoft Data Dump

    The hacking group behind the WannaCry attack are threatening another data dump.
  2. Investing

    New Cyber Attack Exploits Microsoft Bug, Generates Digital Currency

    Another cyber attack relying on a Microsoft bug is spreading around the globe at the same time the hacking group Shadow Brokers is warning of more pain to come.
  3. Personal Finance

    How Cyber Security Risks Impact Your Bank

    Here's how cyber security risks mean for the financial industry and consumers.
  4. Insights

    Top Cyber Security Risks for Financial Advisors

    Cyber crime is on the rise. Here's what advisory firms, big and small, need to be aware of and how to prepare.
  5. Investing

    How the Paris Attacks Could Impact the Economy

    The horrific terror attacks in Paris will have a ripple effect on comsumer spending and tourism.
  6. Small Business

    The Top 10 Hidden Factors Affecting Software Stocks

    Want to invest in software? Here are the most important factors affecting profits, revenues, and stock price of software companies
  7. Managing Wealth

    Insulating Your Portfolio Against the Impact of a Terrorist Attack

    Advice and strategies to help your investment portfolio hold up against the adverse effects of a terrorist attack on the markets.
  8. Investing

    World's top 10 Software Companies

    Want to invest in software stocks but finding it difficult to identify companies with major software revenue? Here is a list of top software companies
  9. Insights

    The Industry Handbook: Software Industry

    Discover how the software industry has changed throughout the years to become a mainstay for businesses from programming to software as a service.
  10. Financial Advisor

    Your Financial Advisory Firm Has Been Hacked. Now What?

    Taking the right steps following a cyber attack can mitigate the impact on clients.
RELATED FAQS
  1. What impact have terrorist attacks had on the insurance industry?

    Learn about the impact of terrorist attacks on the insurance industry and how the 9/11 terrorist attack led to important ... Read Answer >>
  2. How do I use software to make arbitrage trades?

    Understand the meaning of arbitrage trading, and learn how traders employ software programs to detect arbitrage trade opportunities. Read Answer >>
  3. What should I look for when choosing a forex trading platform?

    A trading platform is a piece of software that acts as a conduit for information between a trader and a broker. A trading ... Read Answer >>
Hot Definitions
  1. Leverage

    Leverage results from using borrowed capital as a source of funding when investing to expand the firm's asset base and generate ...
  2. Financial Risk

    Financial risk is the possibility that shareholders will lose money when investing in a company if its cash flow fails to ...
  3. Enterprise Value (EV)

    Enterprise Value (EV) is a measure of a company's total value, often used as a more comprehensive alternative to equity market ...
  4. Relative Strength Index - RSI

    Relative Strength Indicator (RSI) is a technical momentum indicator that compares the magnitude of recent gains to recent ...
  5. Dividend

    A dividend is a distribution of a portion of a company's earnings, decided by the board of directors, to a class of its shareholders.
  6. Inventory Turnover

    Inventory turnover is a ratio showing how many times a company has sold and replaces inventory over a period.
Trading Center