What You Need To Know About Zero-Day Attacks

Your home dictionary may not include the term zero-day, but if you Google it, you’ll find thousands of references. A zero-day refers to a vulnerability that is not known to the software maker and therefore remains unpatched. The term comes from the fact that developers have had zero days to defend their software against attack. But you can bet the details of those vulnerabilities spread rapidly within the hacker community. As long as applications go out into the world with bugs or security flaws, attackers will exploit them. That’s just the way it is.

Criminal hackers use zero-day vulnerabilities to open a door into your network, and because antivirus companies weren’t aware of them at the moment of infection, the unwanted visitors can remain undetected for years. Usually they are uncovered only by chance.


Recent Zero-Day Exploits Uncovered

  • An attack exploiting previously unknown vulnerabilities in Microsoft Office was uncovered last year. The attackers hid the exploit within a Word document (.docx) that appeared to be a resume. Once inside, hackers were able to execute fully privileged remote code.
  • Also in 2015, multiple zero-day vulnerabilities were found in Adobe Flash Player. In one widespread attack, hackers found their victims by sending generic phishing emails. Upon clicking the URLs provided in the emails, targets were redirected to a compromised server and downloaded a malicious Adobe Flash Player SWF file. The installed malware’s main function was to perform ad fraud against ad networks. While that attack didn’t affect users at the onset, its proliferation, which illustrated how easy it was to install harmful malware via the ubiquitous Adobe Flash Player, is a substantial threat to be aware of.

The Best Defense

The best way to stay safe is to make your user community more aware, and to use preventive best practices.

  • Keep your software up-to-date and intelligently patched. Our Guaranteed Networks clients receive critical security patches as soon as they are released. All other patches are tested in our own sandbox before they are pushed to client environments.
  • Keep abreast of the latest vulnerabilities and attack vectors from reliable advisories.
  • Use a best-of-breed anti-virus solution, and verify updates daily. Our Guaranteed Networks Operations Center includes a comprehensive anti-virus, -spam, and -malware solution that protects our clients from the lion’s share of exploits.
  • Perform log management to identify suspicious activity even during a zero-day attack. Just because security vendors haven’t isolated the exploit doesn’t mean you can’t recognize when it is acting suspiciously after it has gotten inside your network. Guaranteed Networks-Secure delivers two types of event correlation and log management solutions that can quarantine dangerous activity in the aftermath of an otherwise undetected zero-day incursion.
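As an added illustration of the behaviour-based detection this last item describes (example code, not from the original post or from Guaranteed Networks), the rule below is run over constructed process-creation and network events in a sysmon-like layout: a Word document exploit still has to launch something once it runs, and "Word spawning a command shell, followed by that shell talking to the network" is recognisable without any signature for the exploit itself. The Office application list, shell list and five-minute window are assumptions chosen for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed, sysmon-style events for illustration only; not real telemetry.
SAMPLE_LOG = """\
2015-11-03T09:14:02Z host=WS-114 event=ProcessCreate parent=WINWORD.EXE image=splwow64.exe
2015-11-03T09:14:05Z host=WS-114 event=ProcessCreate parent=WINWORD.EXE image=cmd.exe
2015-11-03T09:14:06Z host=WS-114 event=ProcessCreate parent=cmd.exe image=powershell.exe
2015-11-03T09:14:09Z host=WS-114 event=NetworkConnect image=powershell.exe dest=203.0.113.7:443
2015-11-03T09:20:41Z host=WS-207 event=ProcessCreate parent=explorer.exe image=WINWORD.EXE
2015-11-03T09:21:10Z host=WS-207 event=ProcessCreate parent=WINWORD.EXE image=OUTLOOK.EXE
2015-11-03T09:30:00Z host=WS-207 event=NetworkConnect image=OUTLOOK.EXE dest=192.0.2.10:443
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}   # assumed list
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
WINDOW = timedelta(minutes=5)  # assumed window for correlating follow-on network activity


def parse_event(line):
    """Turn one 'ts key=value ...' line into a dict with a parsed timestamp."""
    ts, rest = line.split(" ", 1)
    event = dict(re.findall(r"(\w+)=(\S+)", rest))
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(log_text):
    """Return (severity, host, timestamp, description) alerts: stage 1 flags an
    Office app spawning a shell/script host; stage 2 raises severity to 'high'
    when a shell on that host then makes a network connection within WINDOW."""
    events = [parse_event(ln) for ln in log_text.splitlines() if ln.strip()]
    alerts = []
    for e in events:
        if e.get("event") != "ProcessCreate":
            continue
        if e["parent"].lower() not in OFFICE_APPS or e["image"].lower() not in SHELLS:
            continue
        net = next((n for n in events
                    if n.get("event") == "NetworkConnect"
                    and n["host"] == e["host"]
                    and n["image"].lower() in SHELLS
                    and e["ts"] <= n["ts"] <= e["ts"] + WINDOW), None)
        desc = f"{e['parent']} spawned {e['image']}"
        if net:
            desc += f"; {net['image']} then connected to {net['dest']}"
        alerts.append(("high" if net else "medium", e["host"], e["ts"].isoformat(), desc))
    return alerts
```

On the sample, only WS-114 produces an alert (high severity); Word launching Outlook on WS-207 is ignored because Outlook is not a shell.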
