Definition
Zero-day is an umbrella term that covers vulnerabilities, exploits and attacks. The three terms are used as follows:
- A zero-day vulnerability is a software vulnerability that attackers exploit before the vendor knows of it. Such an attack is likely to succeed because no patch for the vulnerability exists yet.
- A zero-day exploit is the technique attackers use to compromise systems through a previously undisclosed vulnerability.
- A zero-day attack is the use of a zero-day exploit to steal data from, or cause damage to, a system that carries such a vulnerability.
Zero-day Attacks Detection
- Behaviour-based detection: Analyses how users and software interact in order to spot potentially malicious behaviour. The system learns what normal behaviour looks like and blocks deviations from it; its accuracy therefore depends on how well it can predict normal network traffic and activity.
- Statistics-based detection: Applies machine learning to statistical data gathered from past exploits. Because it learns from historical patterns, it is limited once an attacker's patterns change.
- Signature-based detection: Compares file signatures against a database of known malware signatures. It works well against known threats but is ineffective against a zero-day exploit, whose signature is not yet in any database.
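The following Python example is added here to make the contrast between the first and third approaches concrete; it is not code from the original page. It runs a hash-based signature check and a learned-baseline behaviour check over constructed sample data: the payload digests, the "parent action target" telemetry lines, the process names and the 203.0.113.5 address are all made up for illustration. The signature check cannot flag a payload it has never seen, while the baseline check still flags the unusual process behaviour that follows it.

```python
import hashlib

# Constructed signature database: SHA-256 digests of payloads the defender
# already knows about. A never-before-seen payload is by definition absent.
KNOWN_MALWARE_HASHES = {
    hashlib.sha256(b"constructed-known-worm-payload").hexdigest(),
}


def signature_detect(payload: bytes) -> bool:
    """Signature-based detection: flag only payloads whose digest is known."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_MALWARE_HASHES


# Constructed endpoint telemetry recorded during normal operation.
# Each line is "parent_process action target".
BASELINE_LOG = [
    "winword.exe open C:\\Users\\alice\\Documents\\q3-report.docx",
    "winword.exe open C:\\Users\\alice\\Documents\\budget.docx",
    "outlook.exe spawn winword.exe",
    "outlook.exe connect mail.example.internal:443",
    "chrome.exe connect www.example.com:443",
]


def parse_event(line: str):
    """Split a telemetry line into (parent, action, target)."""
    parent, action, target = line.split(" ", 2)
    return parent, action, target


def learn_baseline(log_lines):
    """Behaviour-based detection, learning phase: remember every
    (parent, action) pair observed while the system behaved normally."""
    baseline = set()
    for line in log_lines:
        parent, action, _target = parse_event(line)
        baseline.add((parent, action))
    return baseline


def behaviour_detect(log_lines, baseline):
    """Detection phase: return the lines whose (parent, action) pair
    never appeared in the learned baseline."""
    deviations = []
    for line in log_lines:
        parent, action, _target = parse_event(line)
        if (parent, action) not in baseline:
            deviations.append(line)
    return deviations


def demo():
    """Run both detectors against a constructed incident and return results."""
    # A payload the signature database has never seen.
    novel_payload = b"constructed-never-seen-before-payload"
    # Constructed telemetry after the payload is opened: the word processor
    # spawning a shell, and that shell connecting outbound, are new pairs.
    incident_log = [
        "winword.exe open C:\\Users\\alice\\Downloads\\invoice.docx",
        "winword.exe spawn cmd.exe",
        "cmd.exe connect 203.0.113.5:8443",
    ]
    baseline = learn_baseline(BASELINE_LOG)
    return {
        "signature_flagged": signature_detect(novel_payload),
        "behaviour_flagged": behaviour_detect(incident_log, baseline),
    }


if __name__ == "__main__":
    print(demo())
```

The granularity of the baseline key decides the trade-off: keying on (parent, action) alone catches the two deviations above but would also flag any legitimate new child process, while adding the target to the key reduces false positives at the cost of missing variations the attacker controls. Real products tune this with much richer features, but the principle is the same as in this toy.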
Zero-day Attacks Prevention
- Update your software regularly.
- Be aware of phishing scams.
- Inform yourself about potential software vulnerabilities.
Zero-day Examples
- The 2010 Stuxnet attack: The Stuxnet worm exploited a previously unknown Windows zero-day vulnerability and damaged the Iranian nuclear program. It was later modified to target other facilities, such as gas pipelines and power plants.
- The 2014 Sony attack: Hackers used a zero-day vulnerability to penetrate Sony’s network and steal sensitive data, including emails, business files, and copies of upcoming releases.