Zero-day attack most effective in SA, says Kaspersky

Cape Town - The most effective cyber attack on South African computers is known as a zero-day attack, a security firm has said.

A zero-day attack is one where a vulnerability in software code has been identified, but the manufacturer has not yet released an update to prevent the software from being manipulated by hackers.

"The most effective attacks on computers are the ones using zero-day vulnerabilities like targeted APTs (Advanced persistent threats), which are unknown unfixed security weaknesses in devices and operating systems," Mohammad-Amin Hasbini and Ghareeb Saad, GReAT experts at Kaspersky Lab, told News24.

In 2013, several zero-day flaws were identified in widely-used software which could allow an attacker to remotely gain access to a computer.

According to FireEye, an Internet Explorer vulnerability allowed a remote user to execute code via a website that could trigger access to an object.

Malware intrusions

A Flash vulnerability allowed remote attackers to cause a denial of service. Flash is widely used in browsers and web pages, though it is gradually being supplanted by HTML5.

Criminal hackers are constantly on the lookout for a small vulnerability in computer systems.

"An attacker only needs to find the weak link in the chain, the chink in the armour. They're not going to go with a sledgehammer after the most secure system in the environment," John Yeo, EMEA director at Trustwave, told News24.

Trustwave division SpiderLabs specialises in penetration testing, or ethical hacking.

Traditional, signature-based antivirus is able to detect malware intrusions in a computer system only if the malware has been identified by the company.

Yeo said that in his experience, corporate attacks are morphing into those where specific malware is used only once for a specific purpose.

"Signature-based antivirus hasn't got a hope of being able to detect it [malware] and any organisation that thinks 'I've got antivirus deployed on my mission critical systems and if the worst case scenario happens, I'm going to detect it,' that's not going to happen," he said.

Updated software

Hasbini said that Kaspersky had identified the threat of unknown malware in their new product, which uses a heuristics engine. This detects malware based on how it behaves in the digital environment.

Users can protect themselves from the threat of zero-day attacks by ensuring that software is updated and antivirus software has the latest definitions.

Saad said that educating South Africans about the risk of clicking on potentially malicious websites was key to diminishing cyber attacks.

"In our experience, South African users need to educate themselves more on information security awareness - users should not access malicious websites, reply to scam e-mails or respond to social engineering attempts."

- Follow Duncan on Twitter