Zero-Day
Vulnerabilities
Your Software Flaw May Be
an Attacker's Gain
On average, a new zero-day vulnerability, came to light every week in 2015, with advanced attack groups continuing to profit from previously undiscovered flaws in software like browser plugins and content management programs. Discovering unknown vulnerabilities and figuring out how to exploit them is a favored technique for advanced attackers—and this doesn’t appear to be slowing down. The more attackers search, the more flaws they find, pushing the number of zero-day exploits higher every year.
A Decade of Vulnerabilities
A zero-day vulnerability is a flaw in software that allows attackers to gain access to a system or network, leaving zero days to protect against the attack. The number of zero-day vulnerabilities more than doubled in 2015—an increase of 125 percent from 2014.
Weekly Zero-Day Vulnerabilities, Since 2006
Between 2006 and 2012, zero-day vulnerabilities were discovered at a more modest rate each year—ranging between a high of 15 and a low of eight.
Website Vulnerabilities
Overall, the past three years have not seen a substantial decrease in the number of websites with unpatched vulnerabilities. Already high in the mid 70s, the number reached 78 percent in 2016. When unpatched, a critical vulnerability makes it easy for attackers to break into a webserver, potentially resulting in a data breach or weaponizing the site to attack other visitors.
Web Attacks By Exploit
Advanced web attack are a collection of scripts that use zero-day exploits to infect users when they browse a website.
Continually Evolving
Industrial control systems (ICSs), used in industrial manufacturing and power plant control, are appearing more as a target for hackers. The motivations behind such attacks could range from geopolitical disputes to ransom-related attacks. Regardless of the reasons, it is important to be aware of these types of attacks and have a solid solution in place to address vulnerabilities.