HOW TO STOP ZERO-DAY EXPLOITS
December 03, 2015
Cyber defenses are a must for all enterprises, yet many companies deploy solutions that are powerless in an environment where undisclosed and zero-day attacks abound. With cybercriminals becoming more sophisticated than ever and investing enormous effort in preparing successful targeted attacks, a revolutionary approach to cyber protection is required.
Today’s ever-increasing reliance on data brings with it elevated risks, threats, and vulnerabilities for organizations and communication networks, and many of these vulnerabilities are undetectable by traditional network security devices (https://www.gartner.com/doc/2673919/malware-protection-systems-detecting-malicious). In the past, cyber threats affected only a small portion of business activity. However, as the reliance on data continues to grow, so too does the impact of cyber threats on organizations’ business activity. With the increasingly aggressive nature of cyber attacks, novel approaches to security are needed to successfully protect organizations.
Exploiting a Vulnerability via Targeted Attacks
By design, an exploit targets a vulnerability in an application and typically triggers an intruder’s code. A vulnerability is a “hole” in an application—say, Adobe Reader—that can be exploited to launch an attack on a computer or network system. A common method used by attackers to exploit vulnerabilities is spear phishing: sending targeted email messages that contain a malicious attachment and look harmless to the recipients. When a recipient opens the attachment, malware is deployed and the targeted attack begins.
Life Cycle of a Vulnerability
A software vulnerability opens the door to cybercriminals. A person who discovers a vulnerability can use it to gain entry to a system and then obtain unauthorized access to data.
A vulnerability has a life cycle consisting of three stages, as shown in the table: undisclosed, zero-day, and patched.
Zero-day vulnerabilities can go unaddressed for some time, because vendors may take 90 days or even more to respond to reported threats