Zero day threat. It sounds like the title of a new movie thriller. But in fact, it can be a horror story for businesses that have not prepared for, or anticipated, a cyber-attack that has no known security fix.
Here’s how it works:
Hackers discover a hardware or software security flaw that was previously unknown to its developers and users. In the absence of a patch or some other solution that fixes the problem, they exploit that vulnerability by delivering a virus or worm through various vectors, typically web browsers or email attachments. As long as the flaw remains undetected, they use the window between discovery and response to disable computers, steal critical data, and generally wreak havoc on business operations.
(The term “zero day” refers to the age of the attack, which occurs on the first – or “zero” – day of the invasion, before security specialists or the IT team initially learn of the problem.)
A few years ago, this type of crime was relatively rare; from 2006 to 2014, the number of annual zero day attacks ranged from eight to 14. Then in 2014, it jumped to 25, and last year incidents more than doubled to 54. Among the targets have been Microsoft Internet Explorer, in which hackers could control users’ computers remotely, and the Adobe Flash player, where the attacks exposed users to advertisements that directed them to malware sites.
Obviously, you can’t fix a problem that you don’t know exists. You can, however, do whatever it takes to prevent that problem from occurring in the first place.
Perhaps the most effective response is something known as sandboxing. At its most basic, this involves capturing suspected malware and putting it in quarantine – a “sandbox” – to assess its threat potential.
When dealing with zero day threats, businesses looking at a sandbox solution should take four key considerations into account:
- Catch rate. The percentage of malware captured – or missed – is critical. So you’ll want security capabilities that cover emails, attachments, URLs, and downloaded files, as well as a comprehensive range of file types – Adobe PDF, Java, Flash, Microsoft Office, etc.
- CPU-level inspections. Some hackers try to go around the security controls that are built into typical operating systems. CPU-level inspections enable you to discover potential infections before hackers have the chance to evade standard detection processes.
- Encrypted threats. In an effort to bypass conventional industry standards, cyber-criminals often try to hide malware in SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encrypted communications. Effective sandboxing allows for the extraction and launch of these files before your network is exposed.
- Speed. The longer a zero day threat goes unchecked, the greater the potential damage to your business. So when dealing with these risks – or any malware risk, for that matter – it is important that viruses, worms, or bugs be detected in minutes, not in hours or days.
In addition to sandboxing, businesses can take a number of other steps that, while not as comprehensive and secure, nonetheless have some value. These include configuring firewalls in order to more tightly control incoming and outgoing network traffic, and “whitelisting,” the creation of a list of approved applications and email addresses that are authorized to pass through security programs and spam filters.
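To make the “whitelisting” step concrete, here is an added example (written for this page, not code from the author or from 3i International) of a default-deny allowlist check: applications are approved by the SHA-256 of their contents rather than by file name, and email senders are approved by exact address or domain taken from the real address in the From header. All list entries and sample files are constructed for the illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed allowlists (hypothetical values, not from the article).
# Approving by content hash means a renamed, patched or swapped binary
# does not inherit the approval of the original.
APPROVED_TOOL = b"#!/bin/sh\necho approved-tool\n"
APPROVED_APP_HASHES = {hashlib.sha256(APPROVED_TOOL).hexdigest(): "approved-tool"}
APPROVED_SENDERS = {"billing@partner.example"}
APPROVED_SENDER_DOMAINS = {"example.com"}


def app_allowed(path, approved=APPROVED_APP_HASHES):
    """Default deny: run a file only if the hash of its bytes is on the list."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:
        return False  # missing or unreadable file is not approved
    return h.hexdigest() in approved


# Prefer the address in angle brackets, so a display name that merely looks
# like an approved address does not pass. This checks the header only;
# pair it with SPF/DKIM/DMARC so the address itself is verified.
_ADDR = re.compile(r"<?([^<>\s]+@[^<>\s]+)>?\s*$")


def sender_allowed(from_header, senders=APPROVED_SENDERS, domains=APPROVED_SENDER_DOMAINS):
    """Default deny: accept only listed addresses or listed domains (case-insensitive)."""
    m = _ADDR.search(from_header.strip())
    if not m:
        return False
    addr = m.group(1).lower()
    return addr in senders or addr.rsplit("@", 1)[1] in domains


def demo():
    """Write two constructed files to a temp dir and return the four decisions."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "approved-tool"
        good.write_bytes(APPROVED_TOOL)
        tampered = Path(d) / "approved-tool.new"  # same tool, one line appended
        tampered.write_bytes(APPROVED_TOOL + b"# tampered\n")
        return (app_allowed(good), app_allowed(tampered),
                sender_allowed("Billing <billing@partner.example>"),
                sender_allowed("ceo@example.com <mailbox@evil.test>"))
```

Running `demo()` yields `(True, False, True, False)`: the untouched tool and the listed sender pass, the modified copy and the look-alike display name are denied.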
Of course, it is also recommended that companies stay current on security patches and operating systems. While this may not prevent an attack that exploits an undetected vulnerability, it can protect you from malware targeting known flaws you may be unaware of.
No one can predict the unknowns that come with zero day threats, so the only option is to be ready for whatever might happen. If not, what may sound like the latest installation of the Jason Bourne film series could rapidly turn into a recurring Nightmare on IT Street.
ABOUT THE AUTHOR
Mark Elliott is a Best-Selling Author and CEO. His company, 3i International, helps you apply technology to improve performance and compliance. For over 25 years, Mark has been helping startups to Fortune 500 companies overcome the technology challenges they face. He develops strategies to analyze, manage, and adapt to the ever-changing technology landscape. A central focus has been security and compliance. His experience includes preventing, detecting, and responding to hackers and threats. This keeps your organization safe from invasions while simultaneously meeting regulatory compliance.