RealTime IT News

Zero-Day Attacks an Ongoing Menace

Zero-day exploits -- the most difficult hack attacks to defend against -- are on the rise, according to the SANS Institute, a security research organization.

Internet Explorer users continue to be subjected to zero-day attacks when they visit Web sites that are set up to exploit vulnerabilities in IE that Microsoft hasn't yet patched, SANS warned in an update to its annual "Top 20 Internet Security Vulnerabilities" report.

A zero-day vulnerability is a brand new security flaw that a software vendor is either unaware of or is anxiously attempting to fix. An attacker who manages to develop a method to exploit such a flaw has a potent covert weapon, one that networks and IT staff cannot easily defend against.

Mac users and those who run alternative browsers also aren't as safe online as they might expect either, according to the update released Monday. SANS says its report represents a consensus opinion of leading security experts on significant threats that are currently being widely exploited.

"I think the most surprising finding is that there is really a shift away from exploits that target mainly Microsoft products," said Dr. Johannes Ullrich, chief technology officer at the SANS Internet Storm Center. "Suddenly hackers are paying a lot of attention to Mac OSX and Firefox."

Ullrich said that security flaws are also becoming more difficult to defend against, as malicious hackers move to discover and exploit flaws well before software companies can develop and release patches.

"Two years ago, 80 percent of what we had seen were well-known issues, and now only 30 percent of attacks fall into well-known patterns," he said. "The rest are very different kinds of attacks. None of these attacks are getting much attention so they stay at a pretty low level and can continue to penetrate systems unrecognized."

The update also noted that a decline in the number of critical vulnerabilities affecting Windows services, and a rise in attacks that take advantage of flaws in applications, particularly databases.

"Attackers are going directly after important data by finding and exploiting vulnerabilities in software that stores and processes the data (especially Oracle), software that backs-up the data (Backup products from Symantec/Veritas) and data warehouses and other data collection and data retrieval applications," the report stated.

Ken Durham, director of the rapid response team at iDefense, a security research firm based in Dulles, Virginia, said the SANS security threat reports help raise awareness of security issues among businesses and users.

"SANS, in conjunction with other agencies evangelizing safe computing practices, is helping to stamp out the low hanging fruit opportunities for hackers today," he said.

In addition SANS researchers saw what the report described as "a major upsurge" in attacks using flaws in programs that process media files, such as Apple QuickTime/iTunes, Windows Media Player, RealNetworks RealPlayer, Macromedia Flash Player and Nullsoft Winamp.

The report also stated that "huge sums of money are being spent to sponsor research to find more vulnerabilities faster." SANS researchers believe that spyware developers are focused on discovering zero-day vulnerabilities that they can use to infect computers with unwanted adware that automatically downloads and installs itself when users visit a malicious Web site.

"The most dangerous security threat of all is the love of money and how it is driving fraud and crime in the online world," said Durham. "Hacking is not about getting your 15 minutes of fame anymore. Cybercrime is a multi-million dollar global business."

With attacks apparently coming from all directions, security experts advise that users implement a layered defense.

"Any single defensive measure can be circumvented," said Ullrich. "Antivirus programs by themselves will not protect you because their signatures will be out of date. You cannot avoid attacks by avoiding a particular program like Explorer because an attack may target multiple programs. And you cannot rely on just a firewall because it may not block the particular port you're being attacked on."

But fret not. Some security experts say that most attacks are preventable.

"In the real world, people are mostly getting hit because they are surfing the net with an insecure (unpatched) version of Internet Explorer. So that's the most likely vector of an attack," said Mikko Hypponen, Chief Research Officer at F-Secure, a security services company based in Helsinki, Finland.

Hyppvnen said he was surprised that attacks against Macs ranked so high on the SANS report.

"It's an important issue, but the market share of Mac means that even the worst Mac problems aren't going to be really global issues."