
What is a zero-day attack?

A "zero-day vulnerability" is a security vulnerability that is maliciously exploited immediately after being discovered. This kind of attack takes advantage of the fact that the vendor is not yet aware of the flaw and has no prevention or patch in place, so it can cause great damage.

"Zero-day vulnerabilities" are usually discovered by hackers who find security flaws in products or protocols. Once one is discovered, the "zero-day vulnerability" attack spreads rapidly, usually through Internet Relay Chat (IRC) or underground websites.

The threat of "zero-day vulnerability" attacks has increased.

Although "zero-day vulnerability" attacks are not numerous, the threat they pose is growing day by day. The evidence is that hackers have become better at exploiting security vulnerabilities soon after they are discovered. In the past, it usually took months for a security vulnerability to be exploited. Recently, the interval between discovery and exploitation has shrunk to a few days. MS Blast was exploited less than 25 days after the vulnerability was discovered, and Nachi (a variant of MS Blast) launched an attack a week later.

Attacks that exploit vulnerabilities are designed to spread quickly and infect more and more systems. They have evolved from passive, slow-spreading file and macro viruses to more active, self-propagating email worms and blended threats that spread within days or hours. Today, the latest Warhol and flash threats can spread in just a few minutes.

The more people know about security vulnerabilities, the more vulnerabilities will be discovered and exploited. As a result, the "zero-day vulnerability" attack has become a disaster for most enterprises. Enterprises generally use firewalls, intrusion detection systems and anti-virus software to protect critical business IT infrastructure. These systems provide a good first level of protection, but despite the best efforts of security personnel, they still cannot protect enterprises from zero-day exploit attacks.