Zero day vulnerability management

As firms adopt big data, the vulnerabilities, threats and risks surrounding that data grow with it. Various holes in their systems give attackers an opening to infiltrate the corporate network and extract the firm's confidential information.

A zero-day attack is one that exploits a previously unknown vulnerability before the software maker knows about the flaw. Known targets include telecoms, governments, NATO, the energy sector and academia. Although bug bounty programmes try to surface flaws as early as possible, a security patch is not always available, and attackers sometimes learn of the unknown vulnerability first; this is why it is called a zero-day. The length of the vulnerability window varies from one day to ten years or more; on average it is around ten months. Microsoft releases its security patches on the second Tuesday of every month. By analysing each patch, attackers immediately exploit the vulnerability it fixes on systems that have not yet applied it, which gave rise to the term 'exploit Wednesday'. Attackers also use techniques such as fuzzing to find bugs and snoop through PCs. In a recent update, FireEye revealed a campaign by Russian attackers that exploited two zero-day bugs in 32-bit Windows, including the TTF flaw triggered through Office documents. These attack vectors led Microsoft to release MS14-058 for the TTF flaw in Office documents and MS14-060 for the OLE package to protect affected systems. A major concern is Windows XP users: Microsoft has declared that it will discontinue support for Windows XP, so XP will effectively have zero-days forever, because attackers can reverse-engineer the security patches issued for newer versions of Windows and exploit the same flaws on XP, where they will never be fixed.
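To make the timing concepts above concrete, the following Python script (an added example, not part of the original article) computes Microsoft's Patch Tuesday and the resulting 'exploit Wednesday' for any month, measures the vulnerability window of a flaw from discovery until a fix ships or, where none exists, until today, and produces a small exposure report of the kind a vulnerability management process needs in order to prioritise systems still exposed. The flaw names, dates and record layout are constructed for illustration; only the Patch Tuesday rule comes from the text.

```python
from datetime import date, timedelta
from typing import Optional


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the month: the day Microsoft ships its monthly security updates."""
    first = date(year, month, 1)
    # weekday(): Monday=0 ... Tuesday=1; distance from the 1st to the first Tuesday
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def exploit_wednesday(year: int, month: int) -> date:
    """The day after Patch Tuesday, when hosts that have not yet applied the update are most at risk."""
    return patch_tuesday(year, month) + timedelta(days=1)


def vulnerability_window(discovered: date, fixed: Optional[date], today: date) -> int:
    """Days a flaw has been exploitable: discovery until the vendor fix ships, or until today if no fix exists."""
    return ((fixed or today) - discovered).days


# Constructed sample inventory (hypothetical flaws; not real advisories or dates).
SAMPLE_RECORDS = [
    {"name": "Font parser flaw (constructed)", "discovered": date(2014, 9, 1),
     "vendor_fix": date(2014, 10, 14), "applied": date(2014, 10, 20)},
    {"name": "Doc-embedding flaw (constructed)", "discovered": date(2014, 9, 15),
     "vendor_fix": date(2014, 10, 14), "applied": None},
    {"name": "Unreported browser flaw (constructed)", "discovered": date(2014, 10, 25),
     "vendor_fix": None, "applied": None},
]


def classify(record: dict, today: date) -> tuple:
    """Return (name, status, days exposed) for one inventory record."""
    discovered = record["discovered"]
    if record["vendor_fix"] is None:
        # True zero-day: nothing to deploy yet, exposure keeps growing
        return (record["name"], "zero-day: no vendor fix", (today - discovered).days)
    if record["applied"] is None:
        # The vendor fixed it, but we have not deployed it: still exposed, and now to exploit-Wednesday attackers too
        return (record["name"], "fix available, not deployed", (today - discovered).days)
    return (record["name"], "closed", (record["applied"] - discovered).days)


def exposure_report(records: list, today: date) -> list:
    """Open exposures first, longest-standing on top, then closed items for the record."""
    rows = [classify(r, today) for r in records]
    return sorted(rows, key=lambda row: (row[1] == "closed", -row[2]))


if __name__ == "__main__":
    today = date(2014, 11, 1)  # constructed "current" date so the output is reproducible
    print("Next Patch Tuesday:", patch_tuesday(2014, 11), "exploit Wednesday:", exploit_wednesday(2014, 11))
    for name, status, days in exposure_report(SAMPLE_RECORDS, today):
        print(f"{days:4d} days  {status:28s} {name}")
```

The sort key puts undeployed fixes and true zero-days ahead of closed items, so the report doubles as a patching worklist; in a real deployment the records would come from the organisation's asset and patch inventory rather than a constructed list.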

US-CERT is an organisation that analyses cyber threats, works to reduce vulnerabilities, coordinates incident response activities and has the expertise to target malicious activity on networks. As a protection scheme against zero-day threats, any organisation is advised to follow the guidelines provided by US-CERT.

Several tactics for defending against zero-day attacks are given below:
1. Using a more robust vulnerability management system, with resilient layers of protection against zero-day attacks.
2. Having well-configured firewalls.
3. Providing full protection to the critical systems.
4. Identifying the threat at an early stage.
5. Testing software code at a more advanced level.

Archita Srivastava
MBA-IT
IIIT Allahabad