Zero-day security attacks reach Judgement Day

closeThis article could be out of date, as it was published 1 year 6 months 30 days ago.

The recent concentrated security attack in South Korea shows zero-day vulnerabilities remain, while attack innovations are growing in sophistication, intensity and severity.

That is according to Trend Micro who says company researchers raised the alarm about zero-day threats, which also struck against Oracle’s Java and Adobe’s Flash Player, Acrobat and Reader.

An attack which exploits previously unknown vulnerability in a computer application, zero-day attacks essentially begin on ‘day zero’.

As a consequence Micro says the breaches show vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the “Black Hole Exploit Kit.”

“Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity,” says Rik Ferguson, Security Research vice president, Trend Micro.

“This definitely won’t be the last zero-day vulnerability in Java and it won’t be the end of the vast attack surface that it currently offers to criminals.”

South Korea attacks:

The high-profile attacks executed in South Korea in March reinforce that theft is no longer the sole focus of hacking efforts according to Micro, but rather these breaches are also designed to cripple critical networks.

“Given the capability of what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat,” says Tom Kellermann, vice president, Cyber Security.

“With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data.”

Micro’s New Zealand senior security architect Peter Benson believes that by their very nature, many zero-day vulnerabilities are not detectable using outdated technology, risking a number of businesses in the process.

“it is likely – and probable – that there are companies already compromised that do not have sufficient visibility to detect or qualify this,” Benson says.

“Add to this the additional complexity that the attackers are employing, including logic bombs, time activated code, and automated data collection/infiltration systems, and companies that are not up to speed with the changes to the threat landscape are going to end up in a world of pain.”

For the complete Trend Micro’s Q1 2013 Security Roundup Report click here

Follow Us
on Google+
Sponsored

Hilton Auckland

As more and more conferences and events arrive in New Zealand, the opportunity to gain knowledge and build networks becomes better every day. Conferences can be hard work, and there’s nothing like retiring to a nice hotel room at the end of the day to relax and rest. But how do you turn a night in a hotel room into a lesson in building brand loyalty?   Read More →

Android App Review: Vimeo

NetGuide I review a lot of apps that, for one reason or another, aren’t that good. But it’s rare to find one that’s actually irredeemably broken. Video sharing website Vimeo’s app, however, is closer than it should be for an app with such obvious potential.   Read More →

Review: Samsung Gear S

NetGuide It takes something pretty special to stand out from the crowd in the smart wearable space. With new smartwatches and bands launching on a weekly basis, there’s lots of noise and plenty of confusion.   Read More →