A spear-phishing campaign using a malicious file attachment or link is the most common method for delivering a zero-day attack. Cybercriminals carrying out an advanced persistent threat campaign often use common hacking techniques to gain an initial foothold.
Reports by IBM and F-Secure both identify the rise of watering hole attacks to deliver custom malware. The attackers compromise a trusted website that is commonly visited by targeted employees and set it up as an attack platform. Once visited, the custom malware targets the open flaw on the victim's machine, enabling attackers to gain an initial foothold into the organization. In the first half of 2013, security researchers tracked nearly a dozen zero-day exploits used in targeted attack campaigns. CRN put together a list of the top zero-day threats of 2013.