Zero-day attacks and cyber espionage

23 May 2017 by Jennifer Duits

If you read technology news you’ll likely come across the terms ‘zero-day’, ‘cyber espionage’ and ‘cyber conflict’. You might know the meaning of the words themselves, but do you really understand the terms and what they could mean for business and personal data? In this article we’ll take a closer look at exactly what these terms mean so we can fully comprehend some of their implications.

Zero-day

Zero-day is a term that was most recently used to describe the recent bug affecting Microsoft Word. It is also known as ‘zero-hour’, ‘0-day’ or ‘day zero’. Whilst there are many variations on the name, they all mean the same thing: the day an undisclosed vulnerability in software is found and exploited with malicious intent. In the recent case involving Microsoft Word, an undisclosed vulnerability in the Windows Object Linking and Embedding (OLE) function allowed malicious HTML applications to be downloaded when a Word document was opened. Researchers at McAfee were the first to discover the problem while doing routine checks, thus bringing this zero-day vulnerability to light. Zero-day attacks are especially harmful because patches and fixes are typically not created overnight. The McAfee article was published four days before a patch was available for Microsoft Word, and it is likely that Microsoft was aware of the issue before the article was published. This is just one example of several real attacks affecting companies, another highly publicised example being the attack on Sony Corporation.

Cyber espionage

Cyber espionage (or cyber spying) is defined as the use of computer networks to gain illicit access to confidential information. This information is typically, but not exclusively, held by a business or government agency. There have been several news articles on cyber espionage groups targeting businesses in the United States. One of the most recent attacks was on the National Foreign Trade Council (NFTC) near the end of February. Members of the NFTC received what looked like a meeting invitation; however, once clicked, the invite installed Scanbox, which can ascertain what software a user has installed and then runs ‘keyloggers’ on their PC. This enables attackers to identify the types of software in use and what the person is typing into their PC. According to the cybersecurity company working on the case, the attack was most likely carried out for surveillance. The hackers were said to be working in the Chinese government's interests, and it seems their aim was to gather information on top US executives on the council, which could then be used in a phishing scam at a later date.

Cyber conflict

Cyber conflict can be simply defined as a conflict in cyberspace or cyberwarfare, but here’s a more in-depth definition: “the use of computational means, via microprocessors and other associated technologies, in cyberspace for malevolent and/or destructive purposes in order to affect, change or modify diplomatic and military interactions between entities”. It sounds scary, and it can be!

You’ve probably noticed that there is a lot of tension in the news over cyber conflict, but what is really at stake? Looking at the alleged cyber espionage example involving China above, you can easily deduce that a state-sponsored attack could cripple major industries by launching some form of cyberattack. There have been accusations of Russian hacking in the US, leading to speculation about what Russia could do if provoked. It is a scary world we live in if you think about the possibility of a few keystrokes taking out vital organisations such as energy suppliers and telecommunications providers.

Zero-day, cyber espionage and cyber conflict all fall under the umbrella of ‘cyberattack’, which is becoming a new reality for all of us. Most companies have started putting steps in place to guard against it, from employee training to advanced monitoring services and everything in between. Governments have been building their cyber armies as well. The term ‘hacker’ has received a bad reputation in the news, but that is exactly what these alternative armies of today are made of.

Have you or your business been a victim of a cyber attack or zero-day exploit? Let us know by tweeting @DrDataRecovery