What Is A Zero Day Attack?

A zero day attack refers to a breach of a computer system, or exploitation of a software vulnerability, that was heretofore unknown to the developer of the system or software or the wider security community that is tasked with the prevention of such intrusions. The term ‘zero day’ refers to the fact that the vendor or developer of the target system or software has had no time as yet (zero days) to fix the vulnerability.

A zero-day attack or exploit is one of the most serious breaches that can be made by malicious hackers because there are no anti-virus signatures, tools or procedures available yet to mitigate its effects, and the vendor has had no time to fix the vulnerability in the software or system’s code. This makes it highly effective and, initially, almost impossible to stop until the defect it exploits has been fixed, or ‘patched’ in software parlance.

The exact nature of the attack can include introducing malware to a system, installing spyware or enabling unauthorized access to information – the important aspect is the vulnerability that was used to enable this. While users can protect themselves by installing anti-virus software and regularly installing software updates from the manufacturer, the nature of this type of attack means that it is almost impossible for a user to protect themselves entirely, because the fault being exploited is unknown to the wider security community. Some host intrusion prevention systems may identify that an illicit user has gained access to the system because of unusual behaviour, but by the time the intruder has been in the system for even a short time the damage is likely to have been done.
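Because no signature exists for a zero-day, the only detection available in the window before a patch is the behavioural kind mentioned above: flagging activity that does not match what the host normally does. The following is an added illustration, not code from the original article or from any host intrusion prevention product. It learns a baseline of which parent processes normally launch which child processes from a clean period of constructed process-creation log lines (a hypothetical, simplified log format), then reports any parent/child pair in later log lines that the baseline has never seen.

```python
import re
from collections import defaultdict

# Constructed sample logs in a hypothetical "timestamp parent -> child" format.
# BASELINE_LOG stands in for process-creation events recorded during a period
# the defender believes to be clean; NEW_LOG is a later period to be checked.
BASELINE_LOG = """\
2024-01-01T09:00:01 explorer.exe -> winword.exe
2024-01-01T09:00:05 winword.exe -> splwow64.exe
2024-01-01T09:01:10 explorer.exe -> chrome.exe
2024-01-01T09:02:00 chrome.exe -> chrome.exe
2024-01-01T09:03:00 services.exe -> svchost.exe
"""

NEW_LOG = """\
2024-01-02T10:00:01 explorer.exe -> winword.exe
2024-01-02T10:00:09 winword.exe -> cmd.exe
2024-01-02T10:00:10 cmd.exe -> powershell.exe
2024-01-02T10:01:00 services.exe -> svchost.exe
"""

# One event per line: <timestamp> <parent image> -> <child image>
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<parent>\S+)\s+->\s+(?P<child>\S+)$")


def parse_events(text):
    """Parse log text into (timestamp, parent, child) tuples; image names are
    lower-cased so that case differences do not create false 'new' pairs."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            # Refuse silently-skipped lines: a detector that drops what it
            # cannot parse is blind exactly where it matters.
            raise ValueError(f"unparseable log line: {line!r}")
        events.append((match["ts"], match["parent"].lower(), match["child"].lower()))
    return events


def build_baseline(text):
    """Map each parent image to the set of child images it was seen launching."""
    baseline = defaultdict(set)
    for _, parent, child in parse_events(text):
        baseline[parent].add(child)
    return baseline


def find_anomalies(baseline, text):
    """Return every event whose parent/child pair is absent from the baseline.
    A parent never seen at all counts as anomalous for any child."""
    anomalies = []
    for ts, parent, child in parse_events(text):
        if child not in baseline.get(parent, set()):
            anomalies.append((ts, parent, child))
    return anomalies


if __name__ == "__main__":
    known_good = build_baseline(BASELINE_LOG)
    for ts, parent, child in find_anomalies(known_good, NEW_LOG):
        print(f"{ts} unusual process lineage: {parent} -> {child}")
```

Run against the constructed logs it reports two events, the word processor launching a command shell and that shell launching PowerShell, neither of which the baseline period contained. Two caveats a practitioner would add: the baseline is only as trustworthy as the period it was learned from, and a hit is a lead for an analyst rather than a verdict, since legitimate but rare activity will also fall outside the baseline.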

For these reasons zero day exploits are among the most highly prized in the malicious hacker community and, in some cases, by state actors that are tasked with exploiting computer system vulnerabilities to attack foreign enemies’ computer systems. Not all zero day exploits are discovered by bad actors and some in the hacker community publish these vulnerabilities publicly to ensure they are fixed. Often software companies will pay significant sums as ‘bounties’ for information about zero-day vulnerabilities because of the potential damage and losses that can result.

To be most effective a zero-day attack should be used strategically and, ideally, without the target ever finding out so that it can continue to be used with impunity in the future. Once the exploit is discovered the clock begins to run and it is not day zero anymore.
