
Zero-day attack most effective in SA, says Kaspersky

Cape Town - The most effective cyber attack on South African computers is known as a zero-day attack, a security firm has said.

A zero-day attack is one where a vulnerability in software code has been discovered, but the manufacturer has not yet released an update to prevent the software from being manipulated by hackers.

"The most effective attacks on computers are the ones using zero-day vulnerabilities like targeted APTs (Advanced persistent threats), which are unknown unfixed security weaknesses in devices and operating systems," Mohammad-Amin Hasbini and Ghareeb Saad, GReAT experts at Kaspersky Lab, told News24.

In 2013, several zero-day flaws were identified in widely-used software which could allow an attacker to remotely gain access to a computer.

According to FireEye, an Internet Explorer vulnerability allowed a remote user to execute code via a website that could trigger access to an object.

Malware intrusions

A Flash vulnerability allowed remote attackers to cause a denial of service. Flash is widely used in browsers and web pages, though it is gradually being supplanted by HTML5.

Criminal hackers are constantly on the lookout for a small vulnerability in computer systems.

"An attacker only needs to find the weak link in the chain, the chink in the armour. They're not going to go with a sledgehammer after the most secure system in the environment," John Yeo, EMEA director at Trustwave, told News24.

Trustwave division SpiderLabs specialises in penetration testing, or ethical hacking.

Traditional, signature-based antivirus is able to detect malware intrusions in a computer system only if the malware has been identified by the company.

Yeo said that in his experience, corporate attacks are morphing into those where specific malware is used only once for a specific purpose.

"Signature-based antivirus hasn't got a hope of being able to detect it [malware] and any organisation that thinks 'I've got antivirus deployed on my mission critical systems and if the worst case scenario happens, I'm going to detect it,' that's not going to happen," he said.

Updated software

Hasbini said that Kaspersky had identified the threat of unknown malware in their new product, which uses a heuristics engine. This detects malware based on how it behaves in the digital environment.

Users can protect themselves from the threat of zero-day attacks by ensuring that software is updated and antivirus software has the latest definitions.

Saad said that educating South Africans about the risk of clicking on potentially malicious websites was key to diminishing cyber attacks.

"In our experience, South African users need to educate themselves more on information security awareness - users should not access malicious websites, reply to scam e-mails or respond to social engineering attempts."


- Follow Duncan on Twitter