4

Can anyone explain to me what is a zero day attack with a very simple example? Also, how can it be prevented?

schroeder
B. Bakshi

3 Answers

12

The term Zero Day or Zero Hour can apply to any type of attack. It's really just a classification given to the time period at which a vulnerability has just been discovered by a person or organization but has not yet been disclosed publicly.

Some definitions also include the first day or "Day Zero" of a vulnerability's announcement and the race between attackers and defenders to attack or defend their systems when this type of announcement is made.

Zero Day attacks are particularly dangerous because for the short time period they haven't been disclosed the attackers can effectively compromise some level of system access across almost all systems which are vulnerable. In some cases, this can give an attacker access to millions of devices or access to lots of sensitive data.

Once it has been disclosed publicly or there is a known remediation it is no longer considered to be a Zero Day. Note: Some definitions vary here.

So there is no "solution" to preventing Zero-day attacks as new vulnerabilities and exploits will always be discovered before the remediations to prevent such problems from being exploited can be created.

Effectively the holes will always exist before their respective patches.

This said there are additional defenses which can be implemented to reduce the risk from certain types of Zero-Day attacks or limit their damage but it is not possible to anticipate all attack vectors.

This is really why you want to have multiple security tools, because at any given time one layer of defense (one of your security tools) can fail or be vulnerable.

In other words, if you think of security as a function of time, at some point a vulnerability will exist even on the most well-secured networks.

If you only have one level of defense protecting your data your security will look like the following:

Time: ----->

Layer 1 Security: --------------------    ----------------
                 Zero Day occurs here ^   ^ vulnerability fixed here.

If you have multiple layers of defenses (or defense in depth) in theory as different vulnerabilities come out in time your defenses will look more like the following:

Layer 1 Security: --------------------    ----------------
Layer 2 Security: --------------    ----------------------
Layer 3 Security: ---   ---------------------    ---------

Even though each layer of security gets vulnerabilities from time to time they don't all align for an attacker to get through all three layers. In rare cases, this can happen but statistically multiple layers can provide much better security than one layer by itself.

One of the best defenses against Zero-Days is a very disciplined staff keeping multiple layers of security up-to-date. Discipline is key here; the layers just buy you more time.

Trey Blalock
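The layered-timeline argument in the answer above, as an added example that is not part of the original answer: each layer is modelled as a set of time windows during which it has an unpatched vulnerability, and the attacker only gets through when every layer is vulnerable at the same moment, so the real exposure is the intersection of all layers' windows. The layer names and the day-numbered windows are constructed sample data, not measurements.

```python
"""Defense-in-depth timeline model (added example, not from the original answer).

Each layer is a list of (start, end) windows, in days on a shared timeline,
during which that layer has an unpatched (zero-day) vulnerability.  An attacker
only gets through when every layer is vulnerable simultaneously, so the
exposure of the whole stack is the intersection of all layers' windows.
"""

from typing import List, Tuple

Window = Tuple[float, float]  # (start_day, end_day), half-open [start, end)


def normalize(windows: List[Window]) -> List[Window]:
    """Sort one layer's windows and merge any that overlap or touch."""
    merged: List[Window] = []
    for start, end in sorted(windows):
        if end <= start:  # empty or inverted window: ignore
            continue
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def intersect(a: List[Window], b: List[Window]) -> List[Window]:
    """Windows during which both layers are vulnerable (two-pointer sweep)."""
    a, b = normalize(a), normalize(b)
    i = j = 0
    out: List[Window] = []
    while i < len(a) and j < len(b):
        start = max(a[i][0], b[j][0])
        end = min(a[i][1], b[j][1])
        if start < end:
            out.append((start, end))
        # advance whichever window ends first
        if a[i][1] < b[j][1]:
            i += 1
        else:
            j += 1
    return out


def exposure(layers: List[List[Window]]) -> List[Window]:
    """Windows during which every layer is vulnerable at the same time."""
    if not layers:
        return []
    current = normalize(layers[0])
    for layer in layers[1:]:
        current = intersect(current, layer)
    return current


def total_days(windows: List[Window]) -> float:
    """Sum of window lengths in days."""
    return sum(end - start for start, end in windows)


# Constructed sample: vulnerability windows (days) over a one-year timeline.
# The layer labels are illustrative assumptions, not data from the answer.
LAYER_1 = [(20, 24), (100, 107), (200, 230)]          # e.g. perimeter firewall
LAYER_2 = [(14, 30), (105, 120), (290, 300)]          # e.g. application server
LAYER_3 = [(0, 3), (22, 26), (104, 106), (210, 215)]  # e.g. endpoint agent

if __name__ == "__main__":
    print("layer 1 alone exposed for", total_days(normalize(LAYER_1)), "days")
    stack = exposure([LAYER_1, LAYER_2, LAYER_3])
    print("all three layers exposed during", stack,
          "=", total_days(stack), "days")
```

With the sample windows, layer 1 on its own is exploitable for 41 days of the year, but the three-layer stack is only exploitable for 3 days (days 22 to 24 and 105 to 106), which is the "windows rarely all align" point the diagram makes. The same functions accept real patch-lag data (time from disclosure to deployment per layer) if you have it.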
1

Zero days is the length of time that the vulnerability has been known about, meaning that the vulnerability is unknown to the people who would write or fix the software. The reason they are so valuable on the black market is because no one is currently working to fix it!

Keeping your software updated is a good defense to known vulnerabilities but doesn't protect you from zero-day attacks. The solution is defense in depth and reducing your attack surface (turn off any services you aren't using).

dave
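The "turn off any services you aren't using" advice above, as an added example that is not part of the original answer: a small audit that parses the output format of `ss -tlnp` on Linux and reports every listening TCP socket whose process and port are not on an explicit allowlist. The sample `ss` output and the allowlist are constructed for this example (placeholders the reader adapts), not captured from a real host.

```python
"""Listening-service audit (added example, not from the original answer).

Parses `ss -tlnp` style output and flags listeners that are not on an
allowlist of (process name -> permitted ports).  Loopback-only listeners
are reported separately since they are not reachable from the network.
"""

import re
from typing import Dict, List, NamedTuple, Set


class Listener(NamedTuple):
    local_addr: str
    port: int
    process: str  # from users:(("name",pid=...,fd=...)), "?" if absent


# Matches the process name inside ss's users:(("sshd",pid=812,fd=3)) column.
_PROC_RE = re.compile(r'users:\(\("([^"]+)"')

LOOPBACK = {"127.0.0.1", "[::1]", "::1"}


def parse_ss(output: str) -> List[Listener]:
    """Parse LISTEN rows of `ss -tlnp` output; header/other rows are skipped."""
    listeners: List[Listener] = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # "[::]:22" -> "[::]", "22"
        if not port.isdigit():
            continue
        m = _PROC_RE.search(line)
        listeners.append(Listener(addr, int(port), m.group(1) if m else "?"))
    return listeners


def audit(output: str, allowlist: Dict[str, Set[int]]) -> List[Listener]:
    """Return listeners not covered by the allowlist, network-exposed first."""
    unexpected = [
        l for l in parse_ss(output) if l.port not in allowlist.get(l.process, set())
    ]
    # Sort so that sockets reachable from the network come before loopback-only ones.
    return sorted(unexpected, key=lambda l: l.local_addr in LOOPBACK)


# Constructed sample output (not from a real host), in `ss -tlnp` layout.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1340,fd=6))
LISTEN 0      128    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=1502,fd=21))
LISTEN 0      50     0.0.0.0:5900        0.0.0.0:*         users:(("x11vnc",pid=2210,fd=4))
LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
LISTEN 0      4096   127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=1777,fd=7))
"""

# Placeholder allowlist: which processes are expected to listen on which ports.
ALLOWLIST: Dict[str, Set[int]] = {
    "sshd": {22},
    "nginx": {80, 443},
    "mysqld": {3306},
}

if __name__ == "__main__":
    for l in audit(SAMPLE_SS_OUTPUT, ALLOWLIST):
        scope = "loopback-only" if l.local_addr in LOOPBACK else "NETWORK-EXPOSED"
        print(f"{scope:16} {l.process} on {l.local_addr}:{l.port}")
```

On a real host you would feed the live output in (for example `audit(subprocess.run(["ss", "-tlnp"], capture_output=True, text=True).stdout, ALLOWLIST)`) and treat every network-exposed line as a service to disable or firewall; anything that is not listening cannot be hit by a zero-day in it.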
0

The simplest definition of a zero-day attack is an attack on vulnerabilities that have not been patched or made public. Or you can also define them as attacks that take advantage of a security vulnerability on the same day that the vulnerability becomes publicly known (zero-day).

Gamunu B.