
Zero day attack/zero day exploit


This is one of the fastest developing and most advanced forms of cyber-attack, and it is used above all by cyber criminals. Cyber criminals are hard to trace and are commonly known as black hat hackers. They can be grouped according to how they operate: individuals working alone, organized groups that carry out attacks together (for example the Anonymous collective or the Shadow Brokers), and actors who are hired or directed by an organization or a state for its own benefit (some black hat hackers are protected by their governments). Most cyber-attacks are financially motivated; some are aimed at a specific person or organization.

Cyber criminals working for an organization sell attack toolkits, delivered as ready-to-run executables, that are used to break into other organizations' systems and steal personal information. They also build botnets and rent them out to threaten businesses. By the kind of work they do, they can be grouped into types such as script kiddies, scammers, phishers, political, religious or commercial groups, insiders and APT agents. The zero day exploit is among the most advanced methods these attackers use.
In general, to attack a system or piece of software you first have to find its vulnerabilities (loopholes, security flaws). A zero day attack is no different in that respect. What sets it apart is that it is a race between the developer or vendor of the system and the attacker, and it is very hard for the vendor to prevent, because the flaw is unknown to them until it is already being used against their users.

The attacker finds a flaw in the system before the developer or vendor knows about it, then writes and releases malicious code (a virus, Trojan, ransomware or other malware) that exploits the flaw to compromise or damage the system. The term "zero day" means the vendor has had zero days to fix the vulnerability before it is exploited; the window between the first exploitation and the release of a patch is the period in which every installation is exposed and no update can protect it. Attackers watch the vendor's security patches closely, since the exploit stops working on systems that receive the fix, and they try to keep it usable for as long as possible. The vendor may need weeks or months to produce a fix, because the exploit targets a flaw nobody had seen before and was written specifically for that system; the patch then has to be developed, tested and shipped for every affected version. Once it is released, installing the update closes that particular hole so the same attack cannot be repeated against a patched system.

The WannaCry ransomware outbreak of May 2017 is the example most often cited in this context. It targeted Windows systems to extort money, using "EternalBlue", an exploit for a vulnerability in Microsoft's Server Message Block (SMBv1) implementation (CVE-2017-0144). Strictly speaking, WannaCry was no longer a zero day attack when it struck: Microsoft had published the fix (security bulletin MS17-010) in March 2017, about two months earlier. The Shadow Brokers then leaked the EternalBlue exploit in April 2017, and the WannaCry operators (not the Shadow Brokers themselves) built the ransomware on top of it in May. The damage was as large as it was because of carelessness on several sides: many users and organizations had not installed the update, and Windows versions that were already out of support (such as Windows XP and Server 2003) received no patch until Microsoft issued an emergency one during the outbreak. The episode shows that a vulnerability stays dangerous long after the zero day window has closed if the patch is not applied.
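To make the timeline in the two paragraphs above concrete (the zero day window, and the WannaCry case where the patch already existed), here is an added Python example that is not code from the original post. It splits exposure into the window the vendor owns (exploitation before any fix exists) and the window each defender owns (a fix exists but has not been installed). The milestone dates for MS17-010, the EternalBlue leak and the WannaCry outbreak are public record; the host inventory and the hypothetical earlier exploitation date are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Public milestones for the SMBv1 flaw (CVE-2017-0144) used by WannaCry.
MS17_010_RELEASED = date(2017, 3, 14)      # Microsoft ships the fix
ETERNALBLUE_PUBLISHED = date(2017, 4, 14)  # Shadow Brokers leak the exploit
WANNACRY_OUTBREAK = date(2017, 5, 12)      # ransomware starts spreading

# Constructed: a hypothetical case where exploitation began before the fix.
HYPOTHETICAL_FIRST_EXPLOITED = date(2017, 3, 1)


@dataclass(frozen=True)
class Host:
    name: str
    patched_on: Optional[date]  # None means the patch was never installed


# Constructed inventory for the example, not real systems.
HOSTS = [
    Host("fs01", date(2017, 3, 21)),    # patched a week after release
    Host("hr-wks", date(2017, 5, 15)),  # patched only after the outbreak
    Host("lab-xp", None),               # never patched
]
AS_OF = date(2017, 5, 31)  # date the report is run (constructed)


def classify(first_exploited: date, patch_released: date) -> str:
    """'zero-day' if attacks began before any fix existed, else 'n-day'."""
    return "zero-day" if first_exploited < patch_released else "n-day"


def zero_day_window(first_exploited: date, patch_released: date) -> int:
    """Days the whole install base was exposed with no fix available.
    This window belongs to the vendor; defenders cannot patch their way out."""
    return max(0, (patch_released - first_exploited).days)


def n_day_exposure(host: Host, patch_released: date, as_of: date) -> int:
    """Days a host stayed unpatched after a fix was available, up to as_of.
    This window belongs to the defender."""
    if host.patched_on is not None and host.patched_on <= as_of:
        end = host.patched_on
    else:
        end = as_of
    return max(0, (end - patch_released).days)


def exposed_at(host: Host, patch_released: date, when: date) -> bool:
    """Was this host exploitable on the given day?"""
    if when < patch_released:
        return True  # no fix existed yet: zero day exposure for everyone
    return host.patched_on is None or host.patched_on > when


def report(hosts, first_exploited, patch_released, as_of):
    """Per-incident classification plus per-host exposure figures."""
    return {
        "class": classify(first_exploited, patch_released),
        "zero_day_days": zero_day_window(first_exploited, patch_released),
        "hosts": {
            h.name: {
                "n_day_exposure_days": n_day_exposure(h, patch_released, as_of),
                "exposed_at_first_exploitation": exposed_at(h, patch_released, first_exploited),
            }
            for h in hosts
        },
    }


def wannacry_report():
    """The constructed fleet measured against the real WannaCry timeline."""
    return report(HOSTS, WANNACRY_OUTBREAK, MS17_010_RELEASED, AS_OF)


if __name__ == "__main__":
    import json
    print(json.dumps(wannacry_report(), indent=2))
```

Run against the WannaCry dates the incident classifies as an n-day with a zero day window of 0, and only the hosts that had not installed MS17-010 by 12 May show as exposed; swapping in the hypothetical 1 March exploitation date produces a 13-day zero day window during which every host is exposed regardless of its patching discipline.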

Note: don't ignore updates or security patches when they are released; install them promptly.

©IT Today

