Frustrating Revelations about Zero-Day Threats and Their Lack of Detection for 2 Whole Months

May 26, 2015  By Pierluigi Paganini


The recent report from ISTR has outlined the fact that zero-day vulnerabilities remain unresolved for 59 days. What you can do for online protection.

Symantec and the recently published Internet Security Threat Report (ISTR) have made a truly frustrating revelation as to the time period, in which zero-day threats remain undetected. Whereas in 2013 this time period has been less than four days, it seems that the time now has multiplied by a lot.  Indeed, such vulnerabilities remain unresolved for about 59 days and this is really shocking news to grasp. The software companies involved in the patching of these vulnerabilities had to spend a lot of time and nearly reached two whole months until they were able to deal with the threat effectively.

Symantec ISTR Report zero-day

The hackers and the ones pulling off the attack were greatly benefited by the time period that was significantly longer than expected and they exploited the vulnerabilities to a huge extent (like in the example of Heartbleed Bug). One thing that has drawn great attention to this specific report is the acknowledgement that such attacks have been astonishingly precise and to the point, as they required fewer emails and they resulted in more significant breaches. Other problems that emerged included the use of a compromised email to reach other, more important business emails, as well as the creation of customized attack software upon the penetration to the targeted system for further access and flexibility.

Alongside email scams and targets, nowadays hackers have also focused on mobile devices and social media. These are two new and profitable options for them, which they are not willing to give up that easily. In order for both businesses and individuals to remain protected in such a hostile environment, it makes total sense that the proper knowledge and the right tools are set into motion. Let’s have a look at what you ought to pay attention to, so as to get the maximum benefits out of the web and minimize, if not eliminate the threats deriving from zero-day vulnerabilities:

  • Internet users should make their passwords as solid as possible. The passwords remain a great wall defending your sensitive data and therefore they need to be powerful, unique, complex and hard to guess.
  • Social media sharing needs to be exceptionally frowned upon. Even if you are tempted to share something with your friends, you ought to think twice and of course adjust the privacy settings on your social media account accordingly.
  • Sharing via email should also be checked thoroughly. It is important to remember that threats can be disguised and that phishing is frequently used as a form of exploitation.
  • Businesses should stay up-to-date with the latest security tools that can alert them when things go wrong. Investing in protective software and additional tools can be proven truly effective in the long run.
  • Enterprises can backup their files and generally prepare for any negative scenario they come up against. There are risks that you need to have thought of in advance, so as to overcome the problems efficiently as they arise.
  • Everyone should be thoroughly educated in the field of Internet Security. Especially when it comes to businesses, it is of unique and unparalleled importance to educate all your staff for making all the employees perfectly reliable against such threats.

Given the severity of the problems that a lot of businesses and individuals have to tackle with regarding Internet Security, you should structure a strategy that highlights the dangers and that suggests solutions. Viable solutions can be found at all times, provided that there is the will to try, experiment with different approaches and come up with the best solution!

Written by: Ali Qamar, Founder/Chief Editor at SecurityGladiators.com

Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57

Pierluigi Paganini

(Security Affairs – Symantec ISTR Report, zero-day)



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

Tox, how to create your ransomware in 3 steps

 McAfee discovered in the Deep Web a ransomware-construction kits that allow easy to build malware in just 3 steps, implementing...