Zero-day?
Use of the term "zero day
1. Day zero vulnerability :
This is a flaw in the existing software of which the supplier is unaware. The attacker, on the other hand, knows that it exists.
This vulnerability can range from unencrypted data transfer to an inadequate password policy.
2. Day zero operations :
Once the attacker knows about the vulnerability, he tries various methods to exploit it.
This usually takes the form of exploit code, a piece of code that attempts to take advantage of the vulnerability to gain access to the system.
3. Zero day" attack :
Attackers try to introduce their exploit code into the software by various means, such as social engineering.
Suppliers become aware of unusual behaviour within their systems when the zero-day attack is successful.
This atypical
behaviour is usually the result of a denial of service attack, ransomware,
malware or other forms of damage for which the operating code was designed.
Types of zero day attacks
1. Targeted "zero day" attacks :
Targeted zero-day attacks exploit security flaws in specific systems containing sensitive or lucrative data.
The victims of
these attacks can be large technology companies such as Google, government
agencies or competitors within a sector.
2. Untargeted zero-day
attacks:
These are large-scale attacks that exploit a specific vulnerability on several devices using a particular software, hardware or firmware.
For example,
if the attacker finds a vulnerability in one version of a browser, he will
attempt to exploit all devices running that version of the browser.
Most zero-day
attacks target operating systems, open-source code, network devices, hardware,
firmware, cloud-based services and IoT devices.
Zero day attacks generally target financial institutions and banks.