Will Your IT Infrastructure Protect You on Zero-Day?

Zero-day attacks aren’t the worst hacking threat for most businesses. Security breaches usually exploit well-known vulnerabilities (mainly default passwords and unpatched software) that companies and employees have not been financially or technically able to address. But businesses that have invested time and resources in password management, patch management, and strict security policies to protect themselves from known vulnerabilities face a unique threat from zero-day attacks. Zero-day malware targets a software vulnerability that the application’s developer has not yet identified or fixed. Patch management will not protect against such threats because, by definition, the last software update of the targeted program predates the development of the malware.

Data security experts recently detected a zero-day threat aimed at the Java 7 platform. Many websites and online applications use Java, and many browsers have the built-in ability to access sites and services written in it. The recent zero-day attacks exploited a previously unknown vulnerability in Java that can force a user’s browser to download malware from an infected website. The malware can then install a remote access toolkit that gives the hacker the ability to control and explore the hijacked computer. About a week after the public disclosure of the vulnerability, Oracle released a new version of Java 7 that removed the problem.

This zero-day Java malware was unique in a couple of ways. First, security experts have noted the extreme sophistication of the malicious program. In an email exchange with a journalist from threatpost.com, researcher Esteban Guillardoy said of the malware, “Finding these vulnerabilities and [using] them in a useful way is a much harder task that requires a wide knowledge of the Java JDK/JRE codebase and deep understanding of the Java security architecture.” Second, researchers were actually able to pinpoint the origin of the zero-day attacks. A hacking group called the Nitro Crew began emailing links to the infected sites to victims on August 22. As in its previous hacking attempts, the Nitro Crew targeted workers at American, British, and Bangladeshi chemical manufacturing companies. The security firm Symantec was able to attribute both sets of attacks to the group because one of its command-and-control servers used the same IP address in both campaigns. Finally, some observers have interpreted the Java zero-day attacks as a prime example of the increasing “industrialization” of hacking. They point to the “division of labor” involved in the hacks (Symantec suspects that the Nitro Crew purchased the malware from a more advanced coder) and to how quickly knowledge of the zero-day vulnerability spread through the hacking community, turning up in popular malware kits and inspiring copycat attacks in Europe.

At the same time, the Java attacks had the same outcome for the victims as other forms of zero-day threats: stolen account information and other data. Though some antivirus software can detect zero-day malware by its distinctive coding style or by executing it in a contained environment, more than half of all the major AV programs were unable to recognize the recent Java threat. Experts suggested two other protections against this specific attack: blocking connections to the IP addresses associated with the malware, and configuring the company firewall to prohibit external access to the Java application. Both of these measures would require the expertise of a network security professional, however.

Companies should select private cloud IT infrastructures if they want the best protection from zero-day malware going forward. Private clouds have a greater number and higher quality of staff than either on-site or public cloud infrastructures. With more personnel, the private cloud hosting company can monitor each infrastructure closely and provide better after-hours protection. And with more experienced technicians, it can spot suspicious network activity more quickly and respond to potential attacks with more refined techniques.

IronOrbit private cloud-based Hosted Desktops offer even further protection from zero-day threats. With our Virtual Desktops you can easily set firm security policies and perform patch management for the entire infrastructure. It is also easy to isolate and destroy hosted desktops that have been infected with malware. We provide further layers of protection with our Orbital Security System, which includes access control, firewalls, antivirus, antispyware, and intrusion prevention and detection systems. IronOrbit private cloud solutions turn zero-day threats into zero threats.