Crooks Zero in on Vulnerable Data
Zero-day attacks—the name given to exploits of vulnerabilities for which no patch is available—are the bêtes noires of IT security. Unfortunately, discoveries of not-yet-patchable vulnerabilities are on the rise, raising the specter of more zero-day exploits.
There were 12 such vulnerabilities during the second half of 2006, compared to just one in the six months prior, according to a recent Symantec Internet Security Threat Report.
"It's likely we'll continue to see an increase in these problems," says Dean Turner, a senior manager of development at Symantec Security Response.
There are two drivers—one, it's easier, because hackers are taking advantage of software tools such as "fuzzers," which automatically sniff out application vulnerabilities, Turner says. Two, it's more profitable than in the past, as hackers can now make money either by selling the information about the vulnerability to criminals or by exploiting the weakness themselves.
Turner says that tech crooks are moving away from core operating systems, because those systems now have stronger defenses; instead, the hackers are focusing more on third-party applications.
As evidence of that trend, the majority of recent vulnerabilities pertained to Microsoft Office applications, Internet Explorer, and ActiveX controls, according to the report. Because of the large number of third-party applications running on a computer, they are more likely to have vulnerabilities, says Turner. Some such applications may not use best software security practices.
Not surprisingly, many hackers have been focusing on financial institutions and other firms that are "rich in intellectual property," such as IT companies and defense contractors," says Larry Ponemon, CEO of the Ponemon Institute, which researches privacy management practices. But they are doing so in an increasingly focused manner, he says. In the case of banks, criminals might target some of the most high-value accounts, he says.
To defend against zero-day attacks, companies should track reports of zero-day vulnerabilities and beef up intrusion detection, with an eye toward suspicious activity that appears to target those vulnerabilities.
Security software vendors are constantly working on ways to help them do this. One method of combating zero-day attacks involves signature matching, which seeks out variants of known exploitation code or malware. Another technique involves heuristic, or behavior-based, solutions, which use algorithms to identify threats based on their behavior.
Many banks and other companies use event correlation software to detect security breaches and their causes, says Ponemon. When combined with skilled analysis by security professionals, such tools can "tease out patterns of a bigger problem."
For more information on zero-day vulnerabilities and attacks, go to "Beyond Print," and scroll to this item for links to resources, such as the zero-day tracker.