Zero Day Threats & Advanced Persistent Threats

Monday, Tuesday, Wednesday, Thursday, Zero Day.

Welcome to the new working week

Unless you are an IT security specialist, the terms Zero Day Threat and Advanced Persistent Threat are probably either new to you or just phrases you have come across in passing; you may not have a clear grasp of what they are, or have considered the implications and what they could mean to your business.
The first thing to say is that “Zero Day” simply means a flaw that the vendor does not yet know about, or has not yet fixed: there is no patch, so defenders have had zero days to prepare. In the best possible world such flaws are quickly identified and added to the list of known vulnerabilities, but we have to accept that they can sit undetected for years. Heartbleed, for example, was present in OpenSSL for about two years before it was disclosed in April 2014, and some bugs have lain unnoticed for decades.
To clarify things, here is a short description of the main Zero Day terms you may come across, beginning with the Zero Day Vulnerability: a flaw in code or software that is unknown to its developer. A Zero Day Exploit is the code an attacker writes to take advantage of that flaw. From the moment the software is released with the flaw it opens what is known as the Vulnerability Window, a sequence of events that usually unfolds in the following fashion.

  • The developer creates software containing an unknown vulnerability.
  • The attacker finds the vulnerability before the developer does (or while the developer is aware of but has neglected or been unable to fix it).
  • The attacker writes an exploit while the vulnerability is either not known to the developer or known but still not closed (e.g., due to an internal assessment of the threat’s potential damage costs being lower than the costs of developing a fix), usually also using and distributing it.
  • The developer or the public becomes aware of the exploited vulnerability and the developer is forced to start working on a fix, if not already working on one.
  • The developer releases the fix.

(Thank you Wikipedia for the timeline above)

Provided we update the software with the relevant fix, the vulnerability window closes for us; this is why patches are so vitally important. Note that it closes only for the systems that actually received the patch, so knowing which hosts run which version is what turns a vendor's fix into a closed window.
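As an added example (not code from the original post or from Tamite IT), here is how a practitioner would check whether a host's OpenSSL build still sits inside the Heartbleed vulnerability window. It relies on two facts about that bug: it was introduced in OpenSSL 1.0.1 and fixed in 1.0.1g, so 1.0.1 through 1.0.1f are vulnerable. The hostnames and version strings in the inventory are constructed sample data, not real systems.

```python
import re

# Heartbleed (CVE-2014-0160): introduced in OpenSSL 1.0.1, fixed in 1.0.1g.
# The 1.0.2 beta builds were also affected; they are left out here for clarity.
FIRST_VULNERABLE = "1.0.1"
FIXED_IN = "1.0.1g"

# OpenSSL's pre-3.0 scheme: major.minor.fix followed by an optional letter patch level.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def parse_openssl_version(text: str) -> tuple:
    """Turn '1.0.1f', or the full output of `openssl version`
    ('OpenSSL 1.0.1f 6 Jan 2014'), into (1, 0, 1, 'f').

    Tuples compare correctly: a bare '1.0.1' (patch '') sorts before '1.0.1a',
    and '1.0.1f' sorts before '1.0.1g'.
    """
    for token in text.strip().split():
        match = _VERSION_RE.match(token)
        if match:
            major, minor, fix, patch = match.groups()
            return (int(major), int(minor), int(fix), patch)
    raise ValueError(f"unrecognised OpenSSL version string: {text!r}")


def in_vulnerability_window(version: str,
                            first_vulnerable: str = FIRST_VULNERABLE,
                            fixed_in: str = FIXED_IN) -> bool:
    """True if `version` is at or after the first vulnerable release and before the fix."""
    candidate = parse_openssl_version(version)
    return (parse_openssl_version(first_vulnerable)
            <= candidate
            < parse_openssl_version(fixed_in))


# Constructed inventory (hostname -> output of `openssl version`); not real hosts.
SAMPLE_INVENTORY = {
    "web-01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web-02": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail-01": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn-01": "OpenSSL 1.0.1 14 Mar 2012",
}


def hosts_needing_patch(inventory: dict) -> list:
    """Return, sorted, the hosts whose OpenSSL build is still inside the window."""
    return sorted(host for host, ver in inventory.items()
                  if in_vulnerability_window(ver))


if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: still vulnerable to Heartbleed, patch to {FIXED_IN} or later")
```

The point of the version parser is that a naive string comparison gets this wrong: "1.0.1" is lexically shorter than "1.0.1g" but "0.9.8zh" is lexically greater than "1.0.1g", so releases must be compared as numeric components plus a letter patch level. The same pattern, with different endpoints, applies to any vendor advisory that says "fixed in version X".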
The Zero Day Virus is a piece of malware that has not yet come to the attention of the malware researchers employed by the major antivirus companies, who compete to be the first to identify this week's completely new model or variant of an existing piece of malware. Variants appear as the originator of the threat tweaks it to make it more effective at its job, or simply to avoid detection; a signature written for the original sample often fails to match the tweaked one, which is why signature-only antivirus struggles to keep up. To confuse matters, once a piece of malware is out in what is termed the Wild (what we would call my computer or server) it is available for any enterprising cyber criminal to re-engineer into yet another variant. It has been estimated that the release rate of malicious code and other unwanted programs in all probability exceeds that of legitimate software applications.
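To show why a small tweak defeats a signature, here is an added example (not code from the original post, and not from any antivirus product) that compares two toy detection approaches against a constructed, harmless stand-in for a malware sample and a "variant" of it with the port and key changed. The hash list stands in for a traditional known-bad database; the wildcard pattern stands in for a family rule of the kind written in YARA. Both are deliberately simplified, and a real adversary who knows the pattern can of course rewrite the matched bytes as well.

```python
import hashlib
import re

# Constructed stand-in for a "dropper" sample: a fake header, a hard-coded
# command-and-control hostname, a payload tag and a 4-byte key. Not real malware.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 12
            + b"connect:evil-c2.example:4444;"
            + b"payload=dropper;key=\x13\x37\xca\xfe")

# The "variant": the author changed only the port and rotated the key.
VARIANT = (ORIGINAL
           .replace(b":4444;", b":8443;")
           .replace(b"\x13\x37\xca\xfe", b"\x42\x42\xbe\xef"))

# A benign file with the same fake header, to check for false positives.
BENIGN = b"MZ\x90\x00" + b"\x00" * 12 + b"hello, world; nothing to see here"


def sha256_signature(sample: bytes) -> str:
    """Exact-match signature: the SHA-256 of the whole file."""
    return hashlib.sha256(sample).hexdigest()


# Known-bad list as a traditional signature database would hold it:
# only the original sample has been seen by the researchers.
KNOWN_BAD_HASHES = {sha256_signature(ORIGINAL)}


def hash_detect(sample: bytes) -> bool:
    """True if the sample's hash is already in the known-bad list."""
    return sha256_signature(sample) in KNOWN_BAD_HASHES


# Family rule with wildcards, in the spirit of a YARA hex string:
# any port after the C2 hostname, any 4-byte key after 'key='.
PATTERN_RULE = re.compile(
    rb"connect:evil-c2\.example:\d{1,5};payload=dropper;key=.{4}",
    re.DOTALL,
)


def pattern_detect(sample: bytes) -> bool:
    """True if the sample matches the family pattern, whatever the port or key."""
    return PATTERN_RULE.search(sample) is not None


def classify(samples: dict) -> dict:
    """Run both detectors over a name -> bytes mapping; returns name -> (hash hit, pattern hit)."""
    return {name: (hash_detect(data), pattern_detect(data))
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, (by_hash, by_pattern) in classify(
            {"original": ORIGINAL, "variant": VARIANT, "benign": BENIGN}).items():
        print(f"{name:9s} hash={by_hash!s:5s} pattern={by_pattern!s:5s}")
```

Two bytes changed in the variant and the hash-based check misses it entirely, while the family pattern still fires and still ignores the benign file. That gap between "this exact file" and "this family" is the window a zero-day variant lives in until someone writes the broader rule.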
Of course, occasionally something truly terrifying emerges, such as Regin (nothing to do with hair loss), which is akin to the bird flu of the computer world.
The worry for you and your IT team is the potential Zero Day Threat sitting on your system today, having eluded all of your defences including your antivirus software, which is blissfully unaware of its existence. That undetected Zero Day threat, precisely because it is unknown, could easily become the conduit for cyber criminals to infect or hack your network, either to spread malware or as the foothold for an Advanced Persistent Threat (APT). Tamite IT of Haywards Heath have created IT security seminars to explain the myriad threats you face and the strategies available to protect you and your network.
APTs, Zero Day Threats and rootkits are all extremely difficult, if not impossible, to detect using traditional signature-based approaches. To detect these threats you need something a little more sophisticated and agile, something more nuanced and targeted, such as Cyber Spears Persistence.
