Sunday, June 19, 2016

What is a Zero Day Threat?


A zero-day threat is a threat that exploits a security vulnerability that is not yet publicly known, often before the developers of the affected software are aware of it. Because no fix exists yet, such a vulnerability can be used to compromise systems and carry out data theft and identity theft. The threat is called “zero-day” because once the flaw is discovered, the developers have had zero days to plan and advise mitigation against it.


Attack Vectors


Zero-day vulnerabilities can be exploited by attackers through several attack vectors:

  • When a user visits a malicious website, malicious code on the website can exploit a security vulnerability in the web browser to infect the system.
  • Cybercriminals can use social engineering to infect a system. For example, they may send a phishing email with an attachment; when the attachment is opened, malicious code executes and downloads malware onto the system, thereby infecting it.
  • Attackers can use malvertising (How does malvertising work?) to inject malware-laden online advertisements into legitimate online advertising networks and webpages and infect a system.
  • Attackers can use drive-by downloads (How does drive-by download work?) to infect a system with malware while the user visits a malicious website.
  • Attackers may even take advantage of known security vulnerabilities in Operating Systems and other commonly used software to infect the system with malware.


Zero-day Vulnerability Timeline


A zero-day threat typically follows the timeline mentioned below:

  • Developers create software that, without their knowledge, contains a security vulnerability.
  • The software is released and attackers discover the vulnerability before the developers get a chance to find it or fix it.
  • The attackers write malware that exploits that vulnerability.
  • The attackers use social engineering, or take advantage of other security vulnerabilities in Operating Systems and other commonly used software, to infect a system with the malware.
  • The attackers steal sensitive data from the infected systems or plan further attacks.
  • The users come to know about the information and identity theft, or the developers become aware of the vulnerability.
  • The developers respond quickly and release a patch to mitigate it.


How to prevent a Zero Day Threat?


Several steps can be taken to protect systems once a zero-day threat becomes known but no patch has been released yet.

  • Configure firewalls properly (How do firewalls work?).
  • Use only essential applications. A zero-day threat mostly takes advantage of security vulnerabilities in applications to infect systems, and the fewer applications are installed, the fewer vulnerabilities there are to exploit.
  • As mentioned earlier, a zero-day threat takes advantage of security vulnerabilities in Operating Systems and other commonly used software to infect a system. So, keep the Operating System and other software up to date with the most recent security patches.
  • Use an Intrusion Detection and Prevention System (How does an IDS work?) or other advanced technologies like NGFW (How does Next Generation Firewall work?), NGAV (How does Next Generation Anti-Virus work?) or SSL Inspectors (How do SSL Inspectors work?) to detect and prevent threats.

