Zero-day DDoS attacks are known as such because they take place when a threat actor exploits a zero-day vulnerability. A zero-day vulnerability is an application or system flaw, usually in new software, that was unknown to the vendor and to the security community at large before the attack took place.
Zero-day DDoS attacks are also named such because the vendor has zero days before disclosure to fix a flaw once it has been discovered. Some time can pass between the moment the threat actor detects the vulnerability and the discovery of the zero-day attack and the resulting fix or patch. During this period, the attacker actively exploits the vulnerability to gather information and block resources, and the victim often only finds out once the damage is already done.
To successfully execute a DDoS attack, the hacker needs to organize a botnet in a short period of time, ideally using servers that haven’t previously been compromised and that are running software with a zero-day vulnerability. These servers can then be used for DDoS attacks. Zero-day vulnerabilities are ideal for this purpose and have thus gained momentum worldwide. These kinds of holes are extremely valuable and are often traded on the black market or auctioned to the highest bidder (prices can range from $5,000 to $250,000).
Zero-day DDoS attacks are challenging to protect against as they spring from an unknown threat. Software vendors are increasingly adopting bug bounty programs to incentivize security researchers to disclose potential vulnerabilities.
Two of the most famous examples of Zero-day DDoS attacks are Stuxnet (which Oscar-winning filmmaker Alex Gibney made a documentary about in 2016, Zero Days) and the Sony Pictures hack purportedly by North Korean agents.
Stuxnet is regarded as the world’s first cyber weapon. The Stuxnet virus was used to secretly break Iran’s uranium enrichment centrifuges (by speeding up or slowing down the centrifuges until they destroyed themselves) amidst fears they were producing chemical weapons. It’s largely assumed that the zero-day exploit was created by American and Israeli security services. The self-replicating computer code behind Stuxnet was so powerful that it escaped Iran’s network and began to infect computers worldwide.
The Sony Pictures Entertainment hack in late 2014 remains the worst corporate attack in history. The hackers, dubbed Guardians of Peace, crippled Sony’s network and released sensitive data on public file-sharing sites, including the personal emails of Sony executives, its business plans, contracts and four unreleased feature films. The motivation behind the attack was apparently to prevent Sony from making any profit from the Seth Rogen/James Franco comedy “The Interview”, which concerns a CIA-backed plot to assassinate the North Korean leader Kim Jong-un.
In January 2015, Re/Code reported that access to Sony’s network was gained via a previously undisclosed vulnerability in its computer systems, which hadn’t yet been patched. It remains unclear which software was compromised, but it’s likely that “spear phishing” attacks involving malicious code in email attachments were the hackers’ way in, which then allowed them to exploit zero-day vulnerabilities.