Frustrating Revelations about Zero-Day Threats and Their Lack of Detection for 2 Whole Months

The recent report from ISTR has outlined the fact that zero-day vulnerabilities remain unresolved for 59 days. What you can do for online protection.

Symantec and the recently published Internet Security Threat Report (ISTR) have made a truly frustrating revelation as to the time period, in which zero-day threats remain undetected. Whereas in 2013 this time period has been less than four days, it seems that the time now has multiplied by a lot.  Indeed, such vulnerabilities remain unresolved for about 59 days and this is really shocking news to grasp. The software companies involved in the patching of these vulnerabilities had to spend a lot of time and nearly reached two whole months until they were able to deal with the threat effectively.

The hackers and the ones pulling off the attack were greatly benefited by the time period that was significantly longer than expected and they exploited the vulnerabilities to a huge extent (like in the example of Heartbleed Bug). One thing that has drawn great attention to this specific report is the acknowledgement that such attacks have been astonishingly precise and to the point, as they required fewer emails and they resulted in more significant breaches. Other problems that emerged included the use of a compromised email to reach other, more important business emails, as well as the creation of customized attack software upon the penetration to the targeted system for further access and flexibility.

Alongside email scams and targets, nowadays hackers have also focused on mobile devices and social media. These are two new and profitable options for them, which they are not willing to give up that easily. In order for both businesses and individuals to remain protected in such a hostile environment, it makes total sense that the proper knowledge and the right tools are set into motion. Let’s have a look at what you ought to pay attention to, so as to get the maximum benefits out of the web and minimize, if not eliminate the threats deriving from zero-day vulnerabilities:

• Internet users should make their passwords as solid as possible. The passwords remain a great wall defending your sensitive data and therefore they need to be powerful, unique, complex and hard to guess.
• Social media sharing needs to be exceptionally frowned upon. Even if you are tempted to share something with your friends, you ought to think twice and of course adjust the privacy settings on your social media account accordingly.
• Sharing via email should also be checked thoroughly. It is important to remember that threats can be disguised and that phishing is frequently used as a form of exploitation.
• Businesses should stay up-to-date with the latest security tools that can alert them when things go wrong. Investing in protective software and additional tools can be proven truly effective in the long run.
• Enterprises can backup their files and generally prepare for any negative scenario they come up against. There are risks that you need to have thought of in advance, so as to overcome the problems efficiently as they arise.
• Everyone should be thoroughly educated in the field of Internet Security. Especially when it comes to businesses, it is of unique and unparalleled importance to educate all your staff for making all the employees perfectly reliable against such threats.

Given the severity of the problems that a lot of businesses and individuals have to tackle with regarding Internet Security, you should structure a strategy that highlights the dangers and that suggests solutions. Viable solutions can be found at all times, provided that there is the will to try, experiment with different approaches and come up with the best solution!

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com

Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57

Pierluigi Paganini

(Security Affairs – Symantec ISTR Report, zero-day)