Zero-Day Attacks

This subset of malware threats specifically because traditional means of defending against malware are ineffective against a threat that has not previously been seen.

Affected entity: MNO, DFS providers, and Third parties

Risk: Unauthorised access to confidential user data and unauthorised modification of user data

• Vulnerability: Discovery of new exploits against deployed systems and the inability to deploy solutions against these exploits (SD: Data Confidentiality, Access Control, Availability)

  • Control 14.1: MNOs along with DFS providers and payment services providers should patch systems to the latest versions provided by the vendor to defend against attacks that have been developed from older vulnerabilities

  • Control 14.2: Providers and MNOs should have contingency plans in place with vendors to quickly acquire patches and system remediation if a zero-day attack has been found in the wild. Part of this strategy involves the proper use of backups.