Friday, November 16, 2012

"Zero-day" threats: the fear of the unknown

Unpatched vulnerabilities in software are the "gateway" through which hackers and malicious software penetrate a computer system.

According to Secunia, half of user computers running Microsoft Windows have, on average, more than 66 programs from 22 vendors installed. Running such a large amount of heterogeneous software without automated patch management means that much of the software does not have all the required patches.

The problem is compounded by the fact that for a number of vulnerabilities no patch exists. Attacks in which hackers exploit flaws they have already discovered, for which no fix has yet been issued and which remain unknown to a large number of computer professionals, are called "zero-day" attacks. Such attacks pose the greatest danger to users and, at the same time, are of great value to cybercriminals.

During the "zero-day" period, attackers have the best conditions for an attack: a ready exploit, and no available patches or antivirus signatures. However, many users neglect to install software patches even after their release, in particular for software that is not part of the operating system.

How long does the "zero-day" period usually last? A recent study, "Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World", shows that it continues for a long time: an average of 10 months.

The biggest problem with "zero-day" attacks is that traditional signature-based defenses cannot detect them, because a "zero-day" vulnerability is not known to anyone except the hacker, or the hackers and vendors. Such threats can only be dealt with through proactive methods such as behavioral analysis of suspicious programs, searching for dangerous instructions in code, and monitoring the integrity of system files.

"Organizations that do not use proactive protection technologies are not protected from the latest threats for a long time until the release of the corresponding patch. This is a dangerous practice that promotes cyber criminals," eScan experts warn.

The most significant "zero-day" vulnerabilities are critical vulnerabilities, that is, flaws that allow a hacker to gain complete control over the system.

Do not put off protection against dangerous threats for the months before a patch that fixes the problem becomes available. Ensure that proactive protection is in place!
