
Zero day attack/zero day exploit


The zero day attack is one of the fastest-developing and most advanced cyber-attacks used by cyber criminals. Cyber criminals are hard to find, and they are known as black hat hackers. They can be categorized into groups according to their attacks: a criminal working alone; a team of cyber criminals organized as a group to carry out cyber-attacks (e.g. the Anonymous hacker group, the Shadow Brokers); and criminals who are hired or directed by an organization for its benefit (some black hat hackers are protected by their governments). Most cyber-attacks are motivated by money, and some are personally targeted.

Cyber criminals who work for organizations sell them attack toolkits, in executable form, for breaking into other organizations' or individuals' information. Cyber criminals also create botnet services that threaten business organizations. According to the work they do, we can give cyber criminals names (types) such as script kiddies, scammers, phishers, political/religious/commercial groups, insiders, APT agents, etc. The “zero day exploit” is the newest and most advanced method hackers use to carry out cyber-attacks.

In general, attacking a system or piece of software requires finding its vulnerabilities, loopholes or security issues. A zero day attack is the same, but we can consider it a race between the developer/vendor of the system and the hacker. Vendors face a high risk in trying to avoid this kind of attack.

Here the hacker identifies a potential issue in the system as a vulnerability before the developer/vendor knows about it, then releases malicious code (viruses, Trojans, malware, ransomware, etc.) to attack or harm the system. The time between discovering the vulnerability and the attack is known as the “zero day”. Hackers need to consider the previous security patch, and they have to guess the coming patch to defend their attack. Developers may take 1 month or 1 year to fix the attack. The reason is that the attack is created uniquely for one system (it is not general purpose) and is newly coded to attack that system (new to the world). After this recovery, the developer releases updates/patches to the software to prevent the same attack from happening again.

The recent ransomware outbreak is a good example of a zero day attack. It specifically targeted Microsoft computers to gain money. “EternalBlue” is the vulnerability that was found in Microsoft Windows Server Message Block. The main cause of the huge damage done by this attack was the carelessness of the users as well as of Microsoft. Microsoft released the security patch before the attack, but users did not install the update; Microsoft also has many versions of its operating systems in use and needed to create the security patch for all of them. This process took a long time, and the hackers (the Shadow Brokers) used the opportunity first and carried out the attack by releasing the ransomware named “WannaCry”.

Note: Don’t be careless when updates/security patches are released.

©IT Today
