In 02, then Secretary of Defense Donald Rumsfeld took a ridiculous press briefing when he uttered his famous quote: "there are known unknowns ... things we know we do not know. But there-a-also unknown unknowns. There are things we do not know we do not know. "While Rumsfeld made no reference to the zero-day vulnerabilities, its response is similar to the definition of textbooks. Zero-day vulnerabilities are unknown unknowns, and here's what you need to know to protect yourself.
what is a Zero-Day vulnerability?
a zero-day vulnerability is a software security hole in an operating system or a browser that is unknown for antivirus vendors, software makers, and the general public. Unfortunately, it is not unknown for hackers who use the hole to plant malware, a trojan or a virus on a computer or mobile device. Consider a thief sneaking through a window you did not know you left unlocked
the term "zero-day" originally referred to the number of days since a software program was made public. "zero-day" software was an original software, and therefore extremely valuable to hackers. Today, zero-day refers to the amount of time the security hole is known to the software manufacturer.
zero-day vulnerabilities differ from zero-day threats or attacks. Once a hacker exploits a previously unknown vulnerability actively interfere with the computer or device to a user, it is a race between the hacker and the developer who must find a way to protect users.
zero-day vulnerabilities were once rare, but they are becoming more frequent and value the security and intelligence government agencies around the world use to engage in cyber war against their enemies.
Examples of attacks Zero-Day
If you think zero-day attacks are a potential threat to average users, think again. Here are some great zero-day attacks on products used by millions of people:
- In February 2013, the Kaspersky Lab analysis team discovered a zero-day attack exploiting a vulnerability in the Acrobat Reader from Adobe. The attack bypassed the sandbox protection and anti-exploitation has been used as a cyber espionage tool.
- In April 2014, Microsoft vulnerabilities in Internet Explorer was exploited in a series of targeted attacks take advantage of the Flash Operating techniques to get past the standard Windows security precautions.
- massive hacks Sony at the end of 2014 were the result of a zero-day attack against the corporate network. Hackers used a technique known as "spear phishing" to insert malicious code in attachments.
- In February 2015, hackers have successfully organized a series of attacks on Malvertising Daily Motion site by exploiting weaknesses in Adobe Flash player. The company advised users to disable Flash for several days while a patch was developed.
In fact, zero-day vulnerabilities in Java and Adobe Flash player in the past two years have resulted in extremely effective and damaging malvertising campaigns launched from pop-up advertisements placed on respectable sites like Yahoo and the New York Times. Unprotected users infected with malicious software are vulnerable to the loss of personal and financial data.
How to protect against Zero-Day attacks
Software makers are constantly on the lookout for zero-day vulnerabilities and releasing patches to fix the problem as soon as they are identified. Microsoft, for example, issues security updates and patches on the second Tuesday of each month, commonly known as "Patch Tuesday."
The operating systems and browsers are vulnerable to zero-day attacks. Put update your browser regularly to get the best security features. Use the "Help" on your browser to check for updates; alternatively, you can set your browser to download updates automatically. Always install updates to your operating system as they become available.
Be alert for all notifications on updates and security patches for the software you have installed on your computer or device, as well.
If you use public Wi-Fi hotspots, you are also at increased risk for zero-day attacks, because most public networks are not encrypted. For regular users of public Wi-Fi, Hotspot Shield is a must-have to protect against malware and phishing.
Sometimes, despite your precautions, you can be the victim of a zero-day attack. After performing a full system scan, remember to clear your cache and delete all cookies. Change the passwords on all your sensitive accounts; use long strong passwords and then log out of all your accounts. To protect against vulnerabilities in popular browsers like Internet Explorer, consider using an open source browser such as Firefox, which has an active community of developers and large user base.
0 Komentar