Shining a light on zero-day attacks

Zero-day vulnerabilities are “a free pass to any target [criminals] might wish to attack, from Fortune 500 companies to millions of consumer PCs around the world”, says the report. Since there is no defense against them, they are often thought to be used primarily against high-profile, high-value targets (such as the zero-days used against Google and others in the Aurora attacks, the four zero-days used in the Stuxnet attacks on Iran, and the zero-day used in the RSA SecurID attack). For this reason, note the researchers, “the market value of a new vulnerability ranges between $5,000–$250,000.”

Knowledge of the use of the vulnerability during the period that it is unknown (that is, the life of the zero-day) is unsurprisingly sparse. Two researchers from Symantec Research Labs, Leyla Bilge and Tudor Dumitras, have sought to change that in a detailed study using historical data over a period of four years.

Using data collected from 11 million Windows PCs, they looked for evidence of downloaded executables that were associated with zero-day attacks. Because the data spanned four years, they could work with hindsight: the disclosure date of each vulnerability was known by the time of the analysis, so earlier field sightings of the malware exploiting it could be recognized for what they were. “For example”, say the researchers, “when we find records for the presence of a malicious executable in the wild before the corresponding vulnerability was disclosed, we have identified a zero-day attack.”

The study provides new insight into the prevalence, duration and targets of zero-day vulnerabilities; and some of the conclusions are surprising while others confirm suspicions. Unsurprising is that most attacks affect just a few hosts, confirming the targeted nature of their use. More surprising is their duration. “Zero-day attacks last between 19 days and 30 months, with a median of 8 months and an average of approximately 10 months”, say the researchers.

Similarly unsurprising is that malware exploiting a zero-day vulnerability after it is disclosed increases – but the extent of that increase is staggering: “the number of malware variants exploiting them increases 183–85,000 times and the number of attacks increases 2–100,000 times.”
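The retrospective method described above (a field sighting earlier than the disclosure date marks a zero-day attack) and the duration and variant-count statistics that follow from it can be illustrated on constructed telemetry. This is an added example, not the researchers' code; the CVE identifiers, sample labels and dates are placeholders.

```python
from datetime import date
from statistics import median

# Constructed telemetry: (sample label, vulnerability exploited, first day the
# sample was seen in the field). Labels and CVE ids are placeholders, not real data.
OBSERVATIONS = [
    ("exe-a1", "CVE-XXXX-0001", date(2010, 1, 10)),
    ("exe-a2", "CVE-XXXX-0001", date(2010, 6, 15)),
    ("exe-a3", "CVE-XXXX-0001", date(2010, 9, 20)),
    ("exe-a4", "CVE-XXXX-0001", date(2010, 10, 5)),
    ("exe-b1", "CVE-XXXX-0002", date(2011, 2, 10)),
    ("exe-b2", "CVE-XXXX-0002", date(2011, 3, 15)),
    ("exe-b3", "CVE-XXXX-0002", date(2011, 5, 2)),
    ("exe-c1", "CVE-XXXX-0003", date(2011, 7, 20)),   # seen only after disclosure
    ("exe-d1", "CVE-XXXX-0004", date(2011, 11, 1)),
]

# Constructed public disclosure dates, known in hindsight at analysis time.
DISCLOSURE = {
    "CVE-XXXX-0001": date(2010, 9, 1),
    "CVE-XXXX-0002": date(2011, 3, 1),
    "CVE-XXXX-0003": date(2011, 6, 1),
    "CVE-XXXX-0004": date(2012, 1, 15),
}

def analyze(observations, disclosure):
    """Per vulnerability: was it attacked before disclosure, for how long,
    and how many distinct samples were seen before versus after disclosure."""
    by_cve = {}
    for _sample, cve, first_seen in observations:
        by_cve.setdefault(cve, []).append(first_seen)
    results = {}
    for cve, dates in by_cve.items():
        disclosed = disclosure.get(cve)
        if disclosed is None:          # no disclosure date: cannot classify
            continue
        earliest = min(dates)          # first field sighting of any variant
        before = sum(1 for d in dates if d < disclosed)
        results[cve] = {
            "zero_day": earliest < disclosed,
            "window_days": (disclosed - earliest).days if earliest < disclosed else 0,
            "variants_before": before,
            "variants_after": len(dates) - before,
        }
    return results

def summarize(results):
    """Duration statistics over the vulnerabilities identified as zero-days."""
    windows = [r["window_days"] for r in results.values() if r["zero_day"]]
    if not windows:
        return {"count": 0, "median_days": None, "mean_days": None}
    return {"count": len(windows), "median_days": median(windows),
            "mean_days": sum(windows) / len(windows)}
```

Real telemetry would also need to tie each sample to the vulnerability it exploits, which the study did via antivirus detection signatures; here that link is simply given in the records.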
