Symantec and the recently published Internet Security Threat Report (ISTR) have made a truly frustrating revelation as to the time period, in which zero-day threats remain undetected. Whereas in 2013 this time period has been less than four days, it seems that the time now has multiplied by a lot. Indeed, such vulnerabilities remain unresolved for about 59 days and this is really shocking news to grasp. The software companies involved in the patching of these vulnerabilities had to spend a lot of time and nearly reached two whole months until they were able to deal with the threat effectively.
The hackers and the ones pulling off the attack were greatly benefited by the time period that was significantly longer than expected and they exploited the vulnerabilities to a huge extent (like in the example of Heartbleed Bug). One thing that has drawn great attention to this specific report is the acknowledgement that such attacks have been astonishingly precise and to the point, as they required fewer emails and they resulted in more significant breaches. Other problems that emerged included the use of a compromised email to reach other, more important business emails, as well as the creation of customized attack software upon the penetration to the targeted system for further access and flexibility.
Alongside email scams and targets, nowadays hackers have also focused on mobile devices and social media. These are two new and profitable options for them, which they are not willing to give up that easily. In order for both businesses and individuals to remain protected in such a hostile environment, it makes total sense that the proper knowledge and the right tools are set into motion. Let’s have a look at what you ought to pay attention to, so as to get the maximum benefits out of the web and minimize, if not eliminate the threats deriving from zero-day vulnerabilities:
Given the severity of the problems that a lot of businesses and individuals have to tackle with regarding Internet Security, you should structure a strategy that highlights the dangers and that suggests solutions. Viable solutions can be found at all times, provided that there is the will to try, experiment with different approaches and come up with the best solution!
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always try to give only the best. Follow Ali on Twitter @AliQammar57
(Security Affairs – Symantec ISTR Report, zero-day)