print   email   Share

Zero-Day Malware Plus Phishing: A Zero Sum Equation For Employers

Network security vendor WatchGuard released its Internet Security Report. The report reveals some of the tactics used to stage cyberattacks on businesses.

According to the report that included "anonymized data gathered from 24,000 Firebox security appliances", nearly 30 percent of all malware was of the zero-day variety.  Pedro Hernandez "Nearly a Third of All Malware Qualifies as 'Zero Day'" esecurityplanet.com (Mar. 31, 2017).


Commentary

Zero-day (a.k.a zero-hour) is a vulnerability within software or hardware. It is called zero-day because the vulnerability is not publicly reported or announced, which means the software’s author or hardware designer has “zero days” to correct the problem.

Software and hardware designers do not know that what they have created is vulnerable until hackers exploit it. Hackers will spend hours exploring software to determine if there are flaws and then build malware to take advantage of the vulnerability.

Over a period of time, designers can develop a patch for the vulnerability, but only after their programming is exploited.

Even so, patching is important to stop the spread of malware, including Zero-day, and employers should require employees to execute updates and patches when received from manufacturers.

How can you prevent Zero-day malware? Spear-phishing is often how zero-day malware is distributed.  Here are two articles on phishing:

“Phishing and Malware-Laden Emails Explode In Number: Is There One In Your Inbox?”

“Is A Phishing Phoenix Rising For Employers?”

Finally, your opinion is important to us. Please complete the opinion survey:
Username
Password

Keep me signed in

Forgot password?