The term zero-day describes a flaw or issue in software, hardware or firmware that is not yet known. Because the issue is unknown, the group responsible for creating the patch or update is not prepared when it comes up. The term also refers to the amount of time between the release of the software, hardware or firmware and the first possible attack.
Examples of Zero-Day attacks
- Java: In March, Oracle released emergency patches for Java to address two critical vulnerabilities, one of which was actively used by hackers in targeted attacks. They received the highest possible impact score from Oracle and can be remotely exploited without the need for authentication such as a username and password.
- Acrobat Reader: In February, a zero-day exploit was found that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11. According to Kaspersky Lab's malware research and analysis team, the exploit is highly sophisticated; it is likely either a cyber-espionage tool created by a nation-state or one of the so-called lawful interception tools sold by private contractors to law enforcement and intelligence agencies for large sums of money.
- The Elderwood Project: Symantec reported that in 2012 the Elderwood Project used a seemingly “unlimited number of zero-day exploits, attacks on supply chain manufacturers who service the target organization, and shift to ‘watering hole’ attacks” on websites likely visited by the target organization.
- Various Game Engines: In May, Computerworld blogger Darlene Storm reported that thousands of potential attack vectors in game engines put millions of gamers at risk.
The examples were provided by Dirk A. D. Smith; Network World; Aug. 12, 2013