Presentation is loading. Please wait.

Presentation is loading. Please wait.

ZERO-DAY ATTACKS By Hiranmayi Pai Neeraj Jain. Table of Contents  Introduction  Evolution of Vulnerabilities and Threats  Propagation of Zero-Day Threats.

Similar presentations


Presentation on theme: "ZERO-DAY ATTACKS By Hiranmayi Pai Neeraj Jain. Table of Contents  Introduction  Evolution of Vulnerabilities and Threats  Propagation of Zero-Day Threats."— Presentation transcript:

1 ZERO-DAY ATTACKS By Hiranmayi Pai Neeraj Jain

2 Table of Contents  Introduction  Evolution of Vulnerabilities and Threats  Propagation of Zero-Day Threats  Characteristics of Zero-day attack  Detecting a Zero-Day Compromise  Prevention of Zero Day Infections  Conclusion

3 Introduction  What is a Zero-day attack? A zero-day or zero-hour attack or threat is an attack that exploits a previously unknown vulnerability in a computer application

4 Evolution of Vulnerabilities and Threats  In the past, IT security professionals, researchers and developers would publicly announce they found a vulnerability, primarily to motivate the vendor to release a patch.  The average time to identify a vulnerability using reverse engineering techniques is only nine days from the time the patch is released.

5 Propagation of Zero-Day Threats  Example 1(Windows 2000 dll) The earliest known zero-day exploit was discovered in March 2003 when the military realized one of their web servers had been compromised. The exploit involved an unchecked buffer overflow in the Windows 2000 dynamic link library, Ntdll.dll

6 Propagation of Zero-Day Threats  Example 2 (Internet Explorer) In October 2003, a zero-day exploit known as the Qhosts Trojan surfaced. The exploit attacked the Internet Explorer Object Data Remote Execution vulnerability. The Trojan horse would automatically be downloaded and executed on an unsuspecting victim’s system only when specific code embedded in a banner ad was accessed with Internet Explorer.

7 Propagation of Zero-Day Threats  Example 3(Adobe Reader) Cybercriminals are using a new PDF exploit that bypasses the sandbox security features in Adobe Reader X and XI, in order to install banking malware on computers. The attack fails in Google Chrome because Chrome provides additional protection for the Adobe Reader component, while the attack is successful using IE or Firefox

8 Propagation of Zero-Day Threats  Example 4(Java Zero day ) When a compromised page is accessed, it forces the system to download an arbitrary payload, for example, a keylogger or calc.exe, without requesting any prior confirmation.

9 Propagation of Zero-Day Threats  Example 5 (Internet Explorer) The attacks install the Poison Ivy backdoor Trojan when unsuspecting people browse a compromised website using a fully patched version of Windows XP running the latest versions of IE 7 or IE 8 and the Trojan hijacks the system.

10 Propagation of Zero-Day Threats  Example 6 (RSA)

11 Characteristics of zero-day attack  The most dangerous and likely vector of propagation for zero-day threats is a blended threat.  Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack.

12 Characteristics of zero-day attack  Causes harm  Propagates by multiple methods  Attacks from multiple points  Spreads without human intervention  Exploits vulnerabilities

13 Detecting a Zero-Day Compromise  Behavior-based systems (IDS and IPS) alerts  Antivirus software alerts as a result of heuristic scanning  Unusual events in the system log files (i.e. failed logons)  Poor system performance  Unexplained system reboots  Network traffic on unexpected ports, especially on ports known to be backdoor  ports for known blended threats (i.e. MyDoom: TCP ports 3127 through 3198)  Increased network traffic on a legitimate port  Increased scanning activity  Unusual SMTP traffic, especially originating from systems that should not be  using SMTP

14 Prevention of Zero Day Infections

15  Border Protection  System Hardening  Antivirus Software  Patch Management  Vulnerability Management  Application Hardening  Blocking Attachments  Honeypots

16 Conclusion  Zero-day threats are only in the beginning stages.  If the history of vulnerabilities and exploits is any indicator, zero-day threats will progressively get worse and present the biggest challenge to guard against.  New technologies that actively protect against Zero-day threats need to be developed by vendors.

17 THANK YOU


Download ppt "ZERO-DAY ATTACKS By Hiranmayi Pai Neeraj Jain. Table of Contents  Introduction  Evolution of Vulnerabilities and Threats  Propagation of Zero-Day Threats."

Similar presentations


Ads by Google