Story image

Zero-day security attacks reach Judgement Day

24 Apr 13

The recent concentrated security attack in South Korea shows zero-day vulnerabilities remain, while attack innovations are growing in sophistication, intensity and severity.

That is according to Trend Micro who says company researchers raised the alarm about zero-day threats, which also struck against Oracle's Java and Adobe's Flash Player, Acrobat and Reader.

An attack which exploits previously unknown vulnerability in a computer application, zero-day attacks essentially begin on 'day zero'.

As a consequence Micro says the breaches show vulnerabilities are emerging faster than they can be patched and are quickly being incorporated into professional attack kits such as the “Black Hole Exploit Kit.”

“Of course Java is cross-platform and that is somewhat attractive to criminals, but what is really attractive is its vulnerabilities and its ubiquity,” says Rik Ferguson, Security Research vice president, Trend Micro.

“This definitely won't be the last zero-day vulnerability in Java and it won't be the end of the vast attack surface that it currently offers to criminals.”

South Korea attacks:

The high-profile attacks executed in South Korea in March reinforce that theft is no longer the sole focus of hacking efforts according to Micro, but rather these breaches are also designed to cripple critical networks.

“Given the capability of what took place in South Korea, it is likely that increasingly destructive attacks will continue to be a threat,” says Tom Kellermann, vice president, Cyber Security.

“With each quarter, attacks are becoming bolder and more targeted, pointing to concerns far beyond the compromise of personal data.”

Micro's New Zealand senior security architect Peter Benson believes that by their very nature, many zero-day vulnerabilities are not detectable using outdated technology, risking a number of businesses in the process.

"it is likely – and probable - that there are companies already compromised that do not have sufficient visibility to detect or qualify this," Benson says.

"Add to this the additional complexity that the attackers are employing, including logic bombs, time activated code, and automated data collection/infiltration systems, and companies that are not up to speed with the changes to the threat landscape are going to end up in a world of pain."

For the complete Trend Micro’s Q1 2013 Security Roundup Report click here

HPE promotes 'circular economy' for end-of-use tech
HPE is planning to show businesses worldwide that throwing old tech and assets into landfill is not the best option when it comes to end-of-use disposal.
InternetNZ welcomes Govt's 99.8% broadband coverage plan
The additional coverage will roll out over the next four years as part of the Rural Broadband Initiative phase two/Mobile Black Spots Fund (RBI2/MBSF) programme expansion.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Radware joins Chillisoft’s expanding portfolio
The cloud DDoS prevention, app delivery controller, and web app firewall expert is another step toward a total enterprise security portfolio.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Wearables market flourishing - fuelled by smartwatches
A market that has stuttered in the past now has a bright forecast as adoption of wearable technology continues to thrive.
The tech that helped the first woman to sail around Australia
Lisa Blair used devices from supplied by Pivotel to aid her in becoming the first woman to circumnavigate Australia non-stop.
Why there will be a battle for the cloud in 2019
Cloud providers such as AWS, Azure, and Google will likely find themselves in a mad scramble to gain additional enterprise customers.