“Think fast! You’re about to be hit,” sounds like a schoolyard challenge. But IT administrators know that the next worm or virus could rip through their systems with just as little warning.
In fact, the time it takes for a known vulnerability to be exploited by some sort of malware has fallen precipitously in the past three years. From the time that the vulnerability became known, the Slammer worm took six months to hit, Sasser took three weeks, and the Witty worm took two days. One of 2005’s best-known worms, Zotob, started making the rounds six days after the vulnerability was identified.
Today, many IT security observers believe that zero-day attacks are imminent – if, in fact, they haven’t already happened.
Zero-day attack refers to the propagation of a virus, worm or hack targeted at a specific vulnerability on the same day that the vulnerability becomes known. In other words, there are zero days to respond to such an attack. In fact, the attack itself may just be how administrators learn that there is a vulnerability.
Eli Dezelak, senior product manager with the Telus Business Resiliency team, a Telus Business Solutions unit, says such attacks may have already occurred, but the impact might have been so minor that no one noticed, or bothered to report it.
“The real question is when will a very prominent attack happen,” he points out. “If it happened tomorrow, I wouldn’t be surprised.”
In contrast to the speed at which worms are currently being developed and deployed, it takes companies 54 days on average to patch their machines, according to Dezelak.
This lag is simply due to the large number of machines to be maintained and the multitude of patches being issued by vendors. In addition, companies need to ensure the stability and impact of patches before applying them, and they can’t impede normal business activities in the process.
The zero-day scenario implies that there is nothing companies can do to anticipate an attack when they don't even know what the vulnerability is. But does zero-day mean that there is nothing they can do?
Dr. Clemens Martin, associate professor at the University of Ontario Institute of Technology, and director of the university's IT Programs and Hacker Research Lab, is not optimistic.
“There isn’t much that companies can actually do,” he says. “It really depends on how the zero-day attack will be crafted and what vulnerability will be exploited. If we’re lucky, it will exploit a widely spread vulnerability that doesn’t affect systems that are too critical. But it could just as well be in some very critical infrastructure, and that will be really problematic.”
Like many security experts, IDC Canada’s vice president of security research, Joe Greene, believes “the cure is really prevention” - in particular, prevention through effective technology.