Zero-day is a broad term that represents newly discovered vulnerabilities manipulated by hackers to attack software systems. The term “zero-day” comes from the fact that the developer has just learned about it and has “zero-days” to address it. A zero-day attack is when hackers exploit the flaw before the developer knows about it.
Software often and almost always has flaws that hackers can exploit. Developers constantly try to seek out these flaws to patch them, which is a solution to prevent hackers from using them. Patches are released through software updates. However, while developers are looking for these flaws hackers are working just as hard to find them and once they are found, disaster strikes. There is an endless possibility of what a vulnerability may be so finding them is like looking for a needle in a haystack. However, a common one is usually found in older software. For example, in 2014, Sony Pictures Entertainment suffered what was considered the worst zero-day attacks ever. Through a unknown vulnerability, the hacker group Guardians of Peace (GOP) managed to leak 4 unreleased feature films, business plans, contracts and personal emails. Zero-days are especially dangerous because every software whether a computer or website has them. It is really a race between developers and hackers to be the first to find them. Normally, once hackers discover vulnerabilities they will write exploit codes. These codes take advantage of the vulnerability which allows hackers to inject malware into software. People who usually actively look for and carry out attacks with zero-days are cybercriminals and hacktivists. Their motivation normally is for money, corporate espionage or cyberwarfare. It is important to regularly update softwares that you are using, especially for things such as phones. This will prevent hackers from using old vulnerabilities to hacker your device. However, new vulnerabilities may come with an update but it is always better to be vulnerable to a undiscovered vulnerability compared to one known vulnerability and an undiscovered one.
Zero day attacks can be disastrous and potential malware injected can travel quite quickly. As shown in the attack on Maersk a Danish shipping company. The attack used a malware called NotPetya which was a modified version of Petya another malicious code. In total, Maersk had to reinstall 4,000 servers, 45,000 PCs and 2,500 applications all in a span of ten days. The same exploit was used to attack the UK’s national health system. Another malicious malware called WannaCry was used.
While attacks like these are almost impossible to prevent as developers aren’t aware of the vulnerability. They can only take extreme cyber security measures to try and prevent them from happening.
Sources:
https://www.kaspersky.com/resource-center/definitions/zero-day-exploit https://www.zdnet.com/article/maersk-forced-to-reinstall-4000-servers-45000-pcs-due-to-notpetya-attack/https://www.vox.com/2015/1/20/11557888/heres-what-helped-sonys-hackers-break-in-zero-day-vulnerability