Zero-day Exploits in the Eyes of FireEye

According to FireEye, zero-day attacks are one of the favorite methods attackers use to exploit software flaws within applications. By their very nature, zero-day vulnerabilities are imperfections in the software code that are known to threat actors before vendors and the public. It’s impossible to develop applications that are 100% secure, even with all the tools available for scanning and securing the software code during the development lifecyle. Over the years, threat actors have penetrated billion dollar companies with multimillion dollar security defenses, and the best that Defense-in-Depth has to offer.

The victims of zero-day attacks have included Adobe, Microsoft, Google, Symantec, RSA, Northrop Grumman, and many other large enterprises. The Target breach was catastrophic, however, from a technical perspective, there is one breach that was worse, and that was Apple. The security flaw within the iOS code enabled the hackers to join in the conversation during the handshake process, thus making encryption useless. According to many experts, the flaw was due to sloppy programming, that bypassed the entire chain of command at Apple, something that should have been detected immediately. Below is a summary of the 2013 FireEye Survey called “Less Than Zero”.

 2013 FireEye Survey Recap
  • FireEye discovered 11 zero-day vulnerabilities in 2013, more than any other company
  • Vulnerabilities remain unknown to vendors and public on average of 310 days, and sometimes go undiscovered for up to three years
  • Zero day exploits are sold in an established and mature black market
  • Governments are the largest buyers of zero-day exploits according to Reuters
  • Sophisticated, large scale multi-layered security defenses are in many cases, not enough to prevent a zero-day attacks
  • Security tools relying on signatures and reputation databases are futile against zero-day attacks
  • One way to bypass a blacklisted website is to hijack an established website
  • Code morphing (continuously changing) techniques create new malware faster than security defense systems can generate new signatures
  • Operating System level protections are not as effective against zero day threats as in the past
Some of the most Destructives Zero-day Attacks
  • Operation Aurora: An Internet Explorer vulnerability allowed hackers to plant malware on targeted systems enabling the theft of intellectual property and the compromise of user accounts. Victims included Google, Adobe, Yahoo, Symantec, Symantec, Rackspace, Northrop Grumman, Adobe and Juniper.
  • Stuxnet worm:  Attackers used multiple zero-day vulnerabilities to penetrate nuclear facilities, allowing attackers to damage nuclear components.
  • RSA Attack: Attackers breached RSA’s network using phising emails, enabling them to steal the secret sauce to the authentication system. The RSA SecureID breach cost EMC $66M to replace tokens and fix the system from the fallout. Zero-day Exploits in the Eyes of FireEye

For the full report, click here.