While recently catching up on technology news, I came across the terms zero-day, cyber espionage, and cyber conflict. I realized I know the meaning of these words, but do I really understand them? Do you really understand them and their implications? I decided to take a deeper dive into these terms to get a clearer picture.
Zero-day is a term recently used when describing the recent bug affecting Microsoft Word. It is also known as “zero-hour,” “0-day” or “day zero.” In researching for a proper definition of this term, I found many. To summarize a few of them, zero-day is the day an undisclosed vulnerability in software is found and exploited with malicious intent. This is also called a zero-day attack. In the recent case involving Microsoft Word, an undisclosed vulnerability in the Windows Object Linking and Embedding (OLE) function allows for malicious HTML application to be downloaded when a Word document is opened. Researchers at McAfee were first to discover the problem while doing routine checks, thus making this a zero-day vulnerability. Zero-day attacks are especially harmful because patches and fixes are typically not created overnight. The article by McAfee was published four days before a patch was available for Microsoft Word and it is most-likely Microsoft was aware of the issue prior to the article being published. This is just one example of several real attacks affecting companies. Another highly-publicized example was the attack on Sony Corporation.
Cyber espionage is defined as the use of computer networks to gain illicit access to confidential information. This information is typically held by a business or government agency, but not exclusively. There have been several news articles on cyber espionage groups targeting U.S. businesses. One of the most recent attacks was on the National Foreign Trade Council (NFTC) near the end of February. Members of the NFTC received what looked like a meeting invitation. Once clicked, the invite installed Scanbox which can “determine what software a victim is using and run keyloggers on their PC.” This enables the attackers to identify the types of software used and what the person is inputting into their PC. According to the cybersecurity company who is working on the case, the purpose of the attack was most-likely for surveillance. The hackers were said to work for the Chinese government’s interests and it seems their aim was to gather information on U.S. top executives on the council which could then be used in a phishing scam at a later date.
Cyber conflict can be simply defined as a conflict in cyberspace or cyberwarfare, but that doesn’t tell you much. Another definition from the Washington Post elaborates further: “the use of computational means, via microprocessors and other associated technologies, in cyberspace for malevolent and/or destructive purposes in order to affect, change or modify diplomatic and military interactions between entities” There’s a lot of tension in the news over cyber conflict (a.k.a. cyber warfare), but what’s really at stake? Looking at the cyber espionage example with China above, you can easily deduce that china could cripple some of our major industries by launching a cyberattack. There have been accusations of Russian hackings in the U.S. leading to speculations on what Russia could do if provoked. It is a scary world we live in if you think about the possibility of a few keystrokes taking out our electricity, telecommunications and even our clean water supply.
Zero-day, cyber espionage and cyber conflict all fall under the umbrella of a cyberattack which is a newer reality for all of us. Most companies have started putting steps in place to guard against it – from the training of their employees to advanced monitoring services and everything in between. Governments have been building their cyber armies as well. The term “hacker” has gotten a bad reputation, but that is what these alternative armies are made of.
Picture copyright: Tookapic/ https://www.pexels.com/photo/laptop-eyes-technology-computer-9451/ CC0 license