What is a 'Zero Day Attack'

Zero Day Attack (also referred to as Day Zero) is an attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of. The software developer must rush to resolve the weakness as soon as it is discovered in order to limit the threat to software users. The solution is called a software patch. Zero-day attacks can also be used to attack the internet of things (IoT).

A zero-day attack gets its name from the number of days the software developer has known about the problem.

BREAKING DOWN 'Zero Day Attack'

A zero day attack can involve malware, spyware, or unauthorized access to user information. Users can protect themselves against zero day attacks by setting their software – including operating systems, antivirus software, and internet browsers – to update automatically and by promptly installing any recommended updates outside of regularly scheduled updates. That being said, having updated antivirus software will not necessarily protect a user from a zero day attack, because until the software vulnerability is publicly known, the antivirus software may not have a way to detect it. Host intrusion prevention systems also help to protect against zero day attacks by preventing and defending against intrusions and protecting data.

Think of a zero-day vulnerability as an unlocked car door that the owner thinks is locked but a thief discovers is unlocked. The thief can get in undetected and steal things from the car owner’s glove compartment or trunk that may not be noticed until days later when the damage is already done and the thief is long gone.

While zero-day vulnerabilities are known for being exploited by criminal hackers, they can also be exploited by government security agencies who want to use them for surveillance or attacks. In fact, there is so much demand for zero-day vulnerabilities from government security agencies that they help to drive the market for buying and selling information about these vulnerabilities and how to exploit them.

Zero day exploits may be disclosed publicly, disclosed only to the software vendor, or sold to a third party. If they are sold, they can be sold with or without exclusive rights. The best solution to a security flaw, from the perspective of the software company responsible for it, is for an ethical hacker or white hat to privately disclose the flaw to the company so it can be fixed before criminal hackers discover it. But in some cases, more than one party must address the vulnerability to fully resolve it so a complete private disclosure may be impossible.

In the dark market for zero-day information, criminal hackers exchange details about how to break through vulnerable software to steal valuable information. In the gray market, researchers and companies sell information to militaries, intelligence agencies, and law enforcement. In the white market, companies pay white hat hackers or security researchers to detect and disclose software vulnerabilities to developers so they can fix problems before criminal hackers find them.

Depending on the buyer, the seller, and the usefulness, zero day information might be worth a few thousand to several hundred thousand dollars, making it a potentially lucrative market to participate in. Before a transaction can be completed, the seller should provide a proof-of-concept (PoC) to confirm the zero-day exploit’s existence. For those who want to exchange zero-day information undetected, the Tor network allows for zero day transactions to be conducted anonymously using Bitcoin.

Zero-day attacks may be less of a threat than they sound like. Governments may have easier ways to spy on their citizens and zero days may not be the most effective way to exploit businesses or individuals. An attack must be deployed strategically and without the target’s knowledge to have maximum effect. Unleashing a zero-day attack on millions of computers at once could reveal the vulnerability’s existence and get a patch released too quickly for the attackers to accomplish their ultimate goal.

Examples of Zero Day Attacks

In April 2017, Microsoft was made aware of a zero-day attack on its Microsoft Word software. The attackers used a malware called Dridex banker trojan to exploit a vulnerable and unpatched version of the software. The trojan allowed the attackers to embed malicious code in Word documents which automatically get triggered when the documents are opened. The attack was discovered by antivirus vendor McAfee which notified Microsoft of its compromised software. Although the zero-day attack was unearth in April, millions of users had already been targeted since January.

RELATED TERMS
  1. Advanced Persistent Threats (APT)

    An Advanced Persistent Threat (APT) is a large-scale, sophisticated, ...
  2. Cybersecurity

    Cybersecurity refers to the measures taken to keep electronic ...
  3. Eavesdropping Attack

    An eavesdropping attack is an incursion where someone tries to ...
  4. White Hat

    A white hat is an ethical practice used to improve computer and ...
  5. Data Loss

    Data loss occurs when valuable and/or sensitive information on ...
  6. RAM Scraping Attack

    A RAM scraping attack is a type of malware intrusion of a point-of-sale ...
Related Articles
  1. Investing

    Security Stocks Up After Global Ransomware Attacks

    Investors bet that companies and governments will spend more to secure their networks.
  2. Tech

    SWIFT Attacks: Hackers Strike Again

    The recent SWIFT cyberattack has revealed connections to the earlier Bangladesh and Sony attacks.
  3. Financial Advisor

    Don't Hide From The Reality Of How Terrorism Affects The Economy

    After major terror attacks, most people don't want to think about economics. But the post-terror economy affects the lives of the whole world, so it's important to be knowledgeable.
  4. Tech

    Bitcoin Gold Hack Shows 51% Attack Is Real

    Bitcoin Gold might be at the receiving end of a 51% attack. If true, this theoretically means a hacker can take control of the cryptocurrency.
  5. Investing

    Microsoft Turns to AI to Fight Cyberattacks

    Microsoft is turning to artificial intelligence in the wake of the WannaCry ransomware attacks.
  6. Investing

    Intel Chip Flaw Lets Hackers Access Windows Devices Remotely

    Intel disclosed a new security flaw that enables hackers to access Windows PCs, servers and laptops remotely without the need for a password.
  7. Investing

    13 Ways to Invest in Cybersecurity

    Rarely a week goes by without a new media story about data breaches, hacking schemes or cyber attacks impacting individuals, companies and even governments. Four top investment experts who contribute ...
  8. Financial Advisor

    Your Financial Advisory Firm Has Been Hacked. Now What?

    Taking the right steps following a cyber attack can mitigate the impact on clients.
  9. Insights

    Airlines Begin to Feel the Effects of Terrorism (RYAAY, DAL)

    Most major airlines are starting to see the financial effect from recent terrorist activity in Europe.
  10. Tech

    Protect Your Small Business from Cybercrime

    Small business owners are a growing target for cyber-attacks; protect yourself and your clients.
RELATED FAQS
  1. What are some of the better types of financial analysis software?

    Discover what features make for good financial analysis software, some popular options and why analysts need to pick the ... Read Answer >>
Trading Center