Norm presents The Forgotten Middle Brochure - Flipbook - Page 6
Zero Day Attacks

Zero Day attacks are one of the most common and, increasingly, one of the
most difficult types of cyber attack to protect against. This is because they
take advantage of software vulnerabilities or “bugs” in programs, applications
and systems.

The discovery of vulnerabilities like these is almost an everyday occurrence,
and the manufacturers and developers behind the affected system or program
need time to develop the appropriate patch and issue it to customers. It is this
time lag which hackers and cyber criminals take advantage of – hence the
term “zero day”.

Zero Day attacks can take many forms – they include missing data encryption,
SQL injection, buffer overflows, missing authorisations, broken algorithms, URL
redirects and problems with password security. Some of the most infamous
zero day attacks include Zerologon, Stuxnet and the Microsoft Exchange
Server hack.

Because these attacks exploit newly discovered, and therefore unpatched,
vulnerabilities, they are amongst the most difficult to defend against.
Traditional, signature-based products are simply not capable of detecting
them, which is why many organisations have turned to advanced threat
protection solutions instead.

Ransomware

Ransomware is a form of malware that encrypts the data held on an
infected machine and demands a ransom – usually payable in Bitcoin
and often tailored to the size of the company – in order to release it
and regain access to the device. This piece of malware will often
spread to other devices on the network, meaning a whole organisation
can be affected from just one compromised device.

Ransomware remains a very popular method of attack due to the
ease with which it can be executed and the potential financial gains.
The ransom amount is often small enough to convince victims that the
price of paying up and getting their data back is far more palatable
than the cost of restoring data and systems. Be warned that even if you
do decide to pay the ransom, this does not guarantee that your devices
and data will be returned to their previous state. It seems that ransomware
programs are not subject to the same quality assurance standards as
anti-malware programs and can be somewhat… unreliable, which means
that some victims still have to perform additional downtime steps and
possibly incur further clean-up costs.

The best way to negate the impact of a ransomware
attack is to perform regular backups of your systems
(preferably offline) and test them. If you do fall foul
of ransomware this gives you the option of restoring
to a previous known good state, and leaves the
attackers with little or no leverage.

*We lose track of time completely when we’re busy stopping cyber attacks.