How to protect your company from 'zero-day' exploits
Computerworld - A "zero-day" exploit is any vulnerability that's exploited immediately after its discovery. This is a rapid attack that takes place before the security community or the vendor knows about the vulnerability or has been able to repair it. Such exploits are a Holy Grail for hackers because they take advantage of the vendor's lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc.
Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.'s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.
Why is the threat growing?
Although there haven't yet been significant zero-day exploits, the threat is growing, as evidenced by the following:
- Hackers are getting better at exploiting vulnerabilities soon after discovery. It would typically take months for vulnerabilities to be exploited. In January 2003, the SQL Slammer worm exploit appeared eight months after the vulnerability was disclosed. More recently, the time between discovery and exploitation has been reduced to days. Just two days after Cisco Systems Inc. disclosed a vulnerability in its Internetworking Operating System software, exploits were seen; MS Blast was exploited less than 25 days after the vulnerability was disclosed, and Nachi (a variant of MS Blast) struck a week later.
- Exploits are being designed to propagate faster and infect larger numbers of systems. Exploits have evolved from the passive, slowly propagating file and macro viruses of the early 1990s to more active, self-propagating e-mail worms and hybrid threats that take a few days or a few hours to spread. Today, the latest Warhol and Flash threats take only a few minutes to propagate.
- Knowledge of vulnerabilities is growing and more are being discovered and exploited.
For these reasons, zero-day exploits are a scourge for most enterprises. A typical enterprise uses firewalls, intrusion-detection systems and antivirus software to secure its mission-critical IT infrastructure. These systems offer good first-level protection, but despite the best efforts of security staffers, they can't protect enterprises against zero-day exploits.
What to look for
By definition, detailed information about zero-day exploits is available only after the exploit is identified. To understand how to determine if your company has been attacked by a zero-day exploit, here is an example:
In March 2003, a Web server run by the U.S. Army was compromised by an exploit using a buffer-overflow vulnerability in WebDAV. This was before Microsoft was aware of the vulnerability, and hence no
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts