Zero Day Exploits Explained

There are literally hundreds, if not thousands, of approaches cyber criminals can use to exploit your IT infrastructure and access sensitive data. Once an exploit is discovered, it can be dealt with using signature-based technologies that scan for that signature and apply the appropriate measure to prevent its impact. But how do you deal with a cyber attack that hasn’t been seen before by your security vendor? Specifically, how do you deal with the first occurrence of a new cyber attack? These “first occurrences” are known as zero day threats.

According to Techopedia, a zero-day threat is:

“A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

Attackers exploit zero-day vulnerabilities through different vectors. Web browsers are the most common, due to their popularity. Attackers also send emails with attachments exploiting software attachment vulnerabilities.”

The good news is that a zero day exploit has a shelf life only as long as it takes for the industry (read: security vendors) to discover it, forensically diagnose how it works and then apply a fix to their solutions in the form of a software patch, a signature update or an update to their cloud services. The bad news is that this “vulnerability window” can sometimes be hours or even days, when it takes only minutes or even seconds for that zero day exploit to wreak havoc on your organization’s productivity, profitability and reputation.

Cyber Espionage?

According to Kim Zetter in a Wired article titled “Hacker Lexicon: What Is a Zero Day?”, “Zero day vulnerabilities and exploit codes are extremely valuable and are used not only by criminal hackers but also by nation-state spies and cyber warriors, like those working for the NSA and the U.S. Cyber Command.” Sounds like a Hollywood movie, doesn’t it? The sad part is that life imitates art and art imitates life more often than not when it comes to cyber attacks, and to the depth and breadth of impact hackers can achieve simply by creatively exploiting something previously unknown.

The SoleGate Difference

SoleGATE™ is powered by DvC™, a signature-less engine that searches for hidden opcode instructions inside data files, regardless of how the code is concealed (encrypted, encoded) or of file size. The engine also analyzes active content (e.g. MS Office macros, embedded JavaScript) through next-gen de-obfuscation capabilities and an advanced set of heuristics to reveal malicious files. SoleGATE’s rapid, accurate and scalable detection capabilities fully protect customers against current and future advanced threats.
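To make the signature-versus-structure distinction concrete, here is an added illustration (not SoleGATE’s or DvC’s code, and not a description of how that engine works internally): a hash-based signature check on a never-seen file finds nothing, while a simple structural heuristic that looks for an executable (PE) header hidden inside a “document”, including under single-byte XOR encoding, flags it. The sample file, the empty hash blocklist and the e_lfanew sanity bounds are constructed for this example.

```python
"""Constructed demo: signature lookup vs. structural heuristic on a data file."""
import hashlib
import struct

# Signature blocklist (SHA-256 of known-bad files). Empty on purpose: a
# zero-day sample is, by definition, not in anyone's blocklist yet.
KNOWN_BAD_SHA256: set[str] = set()


def signature_hit(data: bytes) -> bool:
    """Classic signature check: does the file hash match a known-bad hash?"""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


def find_pe_headers(data: bytes) -> list[int]:
    """Return offsets of 'MZ' stubs whose e_lfanew field points at 'PE\\0\\0'."""
    hits = []
    off = data.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, off + 0x3C)[0]
            pe = off + e_lfanew
            # Sanity bounds (assumed for the demo): real PE headers sit shortly
            # after the DOS stub; this rejects chance 'MZ' pairs in text.
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(off)
        off = data.find(b"MZ", off + 1)
    return hits


def heuristic_scan(data: bytes) -> list[tuple[int, int]]:
    """Structural scan under every single-byte XOR key (key 0 = plain file).

    Returns (key, offset) pairs for each embedded PE header found."""
    findings = []
    for key in range(256):
        decoded = bytes(b ^ key for b in data) if key else data
        findings.extend((key, off) for off in find_pe_headers(decoded))
    return findings


def build_sample(key: int) -> bytes:
    """Constructed 'document': text filler wrapped around a minimal MZ/PE
    header pair, then XOR-encoded with `key` (0 leaves it unencoded)."""
    pe = bytearray(b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80))
    pe += b"\x00" * (0x80 - len(pe)) + b"PE\x00\x00" + b"\x00" * 20
    body = b"Quarterly report draft " * 8 + bytes(pe) + b" end of file"
    return bytes(b ^ key for b in body)


SAMPLE = build_sample(0x5A)  # never seen before, XOR-encoded payload
```

Running `signature_hit(SAMPLE)` returns False, while `heuristic_scan(SAMPLE)` returns `[(0x5A, 184)]`: the encoded PE stub starts at byte 184 of the sample, right after the text filler.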

See for yourself what SoleGate can do to prevent zero day exploits in your organization. Register for a demo today.