Friday 11 April, 2014

Zero Day Attacks – A Serious Threat to Internet Security

Of all hacking attacks, zero day attacks are the most dangerous. These are the attacks that come from out of nowhere and grab sensitive data or large sums of money from businesses and government agencies.

How Hackers Attack

Hackers gain access to networks by exploiting vulnerabilities in programs and platforms. It takes time for them to discover these vulnerabilities. Once a number of hackers carry out these attacks, developers figure out ways to patch the weaknesses so that these attacks will no longer be effective.

A zero day attack, also sometimes called zero hour attack, is one that exploits a new vulnerability that the developer hasn’t had time to patch yet. In other words, it’s a surprise attack that takes advantage of weaknesses we weren’t aware of. This is why they’re so potentially dangerous.

Responding to Zero Day Attacks

When a zero day attack occurs, it sends developers scrambling to patch it up. It’s a race against time as they test their program and search for the hole that let the hackers in. The developer will then release a patch to those who purchased the program so that they can protect themselves against further attacks.

Sometimes, developers were aware of the vulnerability beforehand but just haven’t released a patch yet. They may hold off on releasing the patch because the weakness isn’t so dangerous. Even if hackers manage to exploit it and gain access, there’s not much they can do.

Another reason they may not offer a patch immediately is that they don’t want to inundate customers with updates. As any software user knows, constant updates can be an annoyance. Many venders release the patches together as one update.

Pentesting to Patch up Vulnerabilities

A good way that developers can prevent zero day attacks is what’s called pentesting. Companies that perform pentesting basically attack a program or system to see where its weaknesses lie. These companies are experts at finding and exploiting vulnerabilities. Pentesting is a kind of trial by fire. By attacking the system, they can find its weaknesses before real hackers have a chance to.

Protecting Yourself against Zero Day Attacks

As a software buyer, there’s not much you can do to prevent zero day attacks on your end. However, when considering software options, you can shop around and buy from a developer or vender who performs testing to prevent zero day attacks. Some developers test more vigorously than others.

Certain developers have other security safeguards in place that can prevent attacks. You can find out from developers about their contingency plans in case an attack occurs. For example, some have instant protections using the cloud that will mitigate the severity of the attack. Look for this when considering software options.

Bob Steele

Bob Steele is an entrepreneur, software developer, marketer, and author living in the Denver metropolitan area. He’s an avid outdoorsman who loves skiing, hiking, fishing, boating, and just plain having fun. His interests include games, space, technology, physics, cooking (well eating actually), economics, business, internationalism, and team sports. With over thirty years of professional consulting experience, Bob has been exposed to many diverse business models and has gained a sensible approach to life. Bob’s company, WaveCentric is focused on commerce, marketing, and entertainment related products.

More Posts - Website

Comments Off on Zero Day Attacks – A Serious Threat to Internet Security   Posted In: Mobile Computing   |    Written By: Bob Steele