How to protect your company from 'zero-day' exploits
Computerworld - A "zero-day" exploit is any vulnerability that's exploited immediately after its discovery. This is a rapid attack that takes place before the security community or the vendor knows about the vulnerability or has been able to repair it. Such exploits are a Holy Grail for hackers because they take advantage of the vendor's lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc.
Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.'s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.
Why is the threat growing?
Although there haven't yet been significant zero-day exploits, the threat is growing, as evidenced by the following:
- Hackers are getting better at exploiting vulnerabilities soon after discovery. It would typically take months for vulnerabilities to be exploited. In January 2003, the SQL Slammer worm exploit appeared eight months after the vulnerability was disclosed. More recently, the time between discovery and exploitation has been reduced to days. Just two days after Cisco Systems Inc. disclosed a vulnerability in its Internetworking Operating System software, exploits were seen; MS Blast was exploited less than 25 days after the vulnerability was disclosed, and Nachi (a variant of MS Blast) struck a week later.
- Exploits are being designed to propagate faster and infect larger numbers of systems. Exploits have evolved from the passive, slowly propagating file and macro viruses of the early 1990s to more active, self-propagating e-mail worms and hybrid threats that take a few days or a few hours to spread. Today, the latest Warhol and Flash threats take only a few minutes to propagate.
- Knowledge of vulnerabilities is growing and more are being discovered and exploited.
For these reasons, zero-day exploits are a scourge for most enterprises. A typical enterprise uses firewalls, intrusion-detection systems and antivirus software to secure its mission-critical IT infrastructure. These systems offer good first-level protection, but despite the best efforts of security staffers, they can't protect enterprises against zero-day exploits.
What to look for
By definition, detailed information about zero-day exploits is available only after the exploit is identified. To understand how to determine if your company has been attacked by a zero-day exploit, here is an example:
In March 2003, a Web server run by the U.S. Army was compromised by an exploit using a buffer-overflow vulnerability in WebDAV. This was before Microsoft was aware of the vulnerability, and hence no
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts