There are literally hundreds, if not thousands or approaches cyber criminals can use to exploit your IT infrastructure and access sensitive data. 


Once an exploit is discovered it can be dealt with using signature-based technologies that scan for that signature and apply the appropriate measure to prevent its impact. 

But how do you deal with a cyber attack that hasn’t been seen before by your security vendor? Specifically, how do you deal with the first occurrence of a new cyber attack? These “first occurrences” are known as a zero-day threat.

According to technopedia, a zero-day threat is:

 “A zero-day threat is a threat that exploits an unknown computer security vulnerability. The term is derived from the age of the exploit, which takes place before or on the first (or “zeroth”) day of a developer’s awareness of the exploit or bug. This means that there is no known security fix because developers are oblivious to the vulnerability or threat.

Attackers exploit zero-day vulnerabilities through different vectors. Web browsers are the most common, due to their popularity. Attackers also send emails with attachments exploiting software attachment vulnerabilities.”

The good news is that zero-day exploits have a shelf life of as long as it takes for the industry (read security vendors) to discover it, forensically diagnose how it works and then apply a fix to their solutions in the way of a software patch, a signature update or an update to their cloud services.

The bad news is that the “vulnerability window” can sometimes be hours or even days, when it only takes minutes or even seconds for that zero-day exploit to wreak havoc to your organization’s productivity, profitability and reputation.

Cyber Espionage?

According to Kim Zetter in a Wired article titled “Hacker Lexicon- What Is A Zero Day?”:

“Zero day vulnerabilities and exploit codes are extremely valuable and are used not only by criminal hackers but also by nation-state spies and cyber warriors, like those working for the NSA and the U.S. Cyber Command.” 

Sounds like a Hollywood movie, doesn’t it?  The sad part is that life imitates art and art imitates life more often than not when it comes to cyber attacks and the depth and breadth of impact hackers can accomplish by just creatively exploiting something previously unknown.

Learn more about how to build cyber resilience against zero-day attacks here.

Sie wollen noch mehr Artikel wie diesen? Abonnieren Sie unseren Blog.

Erhalten Sie alle aktuellen Nachrichten, Tipps und Artikel direkt in Ihren Posteingang

Das könnte Ihnen auch gefallen:

Unzureichende Cybersicherheitsmaßnahmen

Good enough security isn't good enough. …

Good enough security isn't good enough. Just checking the c… Read More >

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Jun 06, 2019

Echte Beispiele für Bedrohungen, die von E-Mail-Sicherheitssystemen übersehen wurden

A new view of the Mimecast Email Securit…

A new view of the Mimecast Email Security Risk Assessment. … Read More >

Matthew Gardiner

von Matthew Gardiner

Principal Security Strategist

Posted Jun 03, 2019

Verhindern, nicht korrigieren: Drei Anforderungen an die Cybersicherheit

It’s never a bad time to pause and…

It’s never a bad time to pause and reflect on the visi… Read More >

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Jun 17, 2019