Zero-Day Attack Definition

What is a Zero-Day Attack?

A zero-day attack (also known as Day Zero) is an attack that exploits a potentially serious software security vulnerability that the vendor or developer may not be aware of. The software developer should rush to address the flaw as soon as it is discovered to limit the threat to software users. The solution is called a hotfix. Zero-day attacks can also be used to attack Internet of Things (IoT).

A zero-day attack gets its name from the number of days the software developer has been aware of the problem.

Key points to remember

  • A zero-day attack is a software-related attack that exploits a weakness that a vendor or developer was unaware of.
  • The name comes from the number of days a software developer has known about the problem.
  • The solution to fix a zero-day attack is known as a software patch.
  • Zero-day attacks can be prevented, but not always, with antivirus software and regular system updates.
  • There are different markets for zero-day attacks ranging from legal to illegal. They include white market, gray market and black market.

Understanding a Zero-Day Attack

A zero-day attack can involve malware, adware, spyware or unauthorized access to user information. Users can protect against zero-day attacks by configuring their software, including operating systems, anti-virus softwareand Internet browsers—to automatically update and quickly install all recommended updates outside of regular scheduled updates.

That being said, updating antivirus software will not necessarily protect a user against a zero-day attack, because until the vulnerability of the software is known to the public, the antivirus software may not have the means to detect it. Host intrusion prevention systems also help protect against zero-day attacks by preventing and defending against intrusions and protecting data.

Think of a zero-day vulnerability as an unlocked car door that the owner thinks is locked but a thief discovers is unlocked. The thief may enter undetected and steal items from the car owner’s glove box or trunk that may not be noticed until days later when the damage is already done and the thief is long gone .

While zero-day vulnerabilities are known to be exploited by criminal hackers, they can also be exploited by government security agencies who want to use them for surveillance or attacks. In fact, there is so much demand for zero-day vulnerabilities from government security agencies that they are helping to drive the market for buying and selling information about these vulnerabilities and how to exploit them.

Zero-day exploits may be publicly disclosed, disclosed only to the software vendor, or sold to a third party. If sold, they may be sold with or without exclusive rights. The best solution to a security flaw, from the perspective of the software vendor responsible for it, is for an ethical or white hat hacker to privately disclose the flaw to the company so it can be fixed. before criminal hackers find out. But in some cases, multiple parties must address the vulnerability to fully resolve it, so full private disclosure may not be possible.

Markets for Zero-Day Attacks

In the black market to get zero-day information, hackers exchange details on how to break into vulnerable software to steal valuable information. In the gray market, researchers, and corporations sell information to the military, intelligence agencies, and law enforcement. In the white market, companies pay hackers or security researchers to detect and disclose software vulnerabilities to developers so they can fix problems before criminal hackers can find them.

Depending on the buyer, seller, and utility, zero-day information can be worth a few thousand to several hundred thousand dollars, making it a potentially lucrative market to participate in. Before a transaction can be completed, the seller must provide a proof of concept (PoC) to confirm the existence of the zero-day exploit. For those who want to trade zero-day information undetected, the Tor network allows zero-day transactions to be performed anonymously using Bitcoin.

Zero-day attacks can sometimes be less threatening than they appear. Governments may have easier ways to spy on their citizens and zero-days may not be the most effective way to exploit businesses or individuals. An attack must be deployed strategically and without the knowledge of the target to have maximum effect. Launching a zero-day attack on millions of computers at once could reveal the existence of the vulnerability and cause a patch to be released too quickly for attackers to achieve their ultimate goal.

Real world examples

In April 2017, Microsoft has been informed of a zero-day attack on its Microsoft Word software. Attackers used malware called Dridex banker trojan to exploit a vulnerable, unpatched version of the software. The Trojan allowed attackers to embed malicious code in Word documents that was automatically triggered when opening the documents. The attack was discovered by antivirus vendor McAfee, which notified Microsoft of its compromised software. Although the zero-day attack was discovered in April, millions of users had already been targeted since January.

In a more recent example, Google‘s Chrome web browser has been subject to multiple attack vectors and exploits. In 2022 alone, Google urged Chrome users to update their browsers on no less than four separate occasions, citing a series of zero-day attacks.

Why is it called a Zero-Day attack?

The term “zero-day” (or 0-day) is used for a software exploit or hack that refers to the fact that the developer or creator of the risky program has just become aware of it – so literally zero repair day.

How are zero-day attacks fixed?

Once a developer becomes aware of a zero-day attack, the exploit is usually quickly identified and fixed via a software patch or upgrade.

What was the most famous Zero-Day attack?

While there are many prominent examples of zero-day examples, many cite the Sony Pictures hack of 2014, which used a previously unrecognized vulnerability to install malware unnoticed, which was later reported. used to delete or damage files involved in new movies, causing millions of dollars. in damages and a tarnished reputation for Sony’s apparent lack of security. The attack, many believe, was carried out by North Korean operatives in response to the release of the film “The Interview”, which parodied North Korea’s leader Kim Jong Un.

Disclaimer: Curated and re-published here. We do not claim anything as we translated and re-published using Google translator. All ideas and images shared only for information purpose only. Ideas and information collected through Google re-written in accordance with guidelines and published. We strictly follow Google Webmaster guidelines. You can reach us @ We resolve the issues within hour to keep the work on top priority.