Zero day vulnerabilities and exploits have been back in the news again recently. The recent breach of Hacking Team revealed insights into the grey market for zero-day exploits as well as new exploits against Adobe Flash and Microsoft Windows. Here we are just a couple of weeks later and 4 new zero day vulnerabilities in Microsoft Internet Explorer were revealed by HP’s Zero Day Initiative group.
Zero Day exploits are often considered to be the ultimate weapon in the hackers’ arsenal. After all, how do you detect and block something if no one knows it exists? Zero Days attacks are considered to be so dangerous that the security industry developed ethical guidelines on how to deal with the discovery of software flaws or vulnerabilities that could provide attackers with a new “undetectable“ weapon.
For the most part the industry has followed these guidelines by notifying the makers of the vulnerable software of the problem and allowing them to develop and release a fix or “patch” for the vulnerability to ensure that bad guys can’t use it to attack users or organizations. This process has come under criticism by some when vendors don’t develop patches “quickly enough” leaving potential victims exposed if bad guys manage to discover and exploit the vulnerabilities during the “window of vulnerability”.
Of course all of these concerns are based on the inability of the industry to reliably detect and block Zero Day exploits. Bromiums’ approach to the problem of malware, isolating all POTENTIAL malware entering the system in a hardware enforced microVM changes the equation completely. Encountering a true Zero Day attack in a system protected by Bromium is now an opportunity for the defender to quickly and reliably identify the new vulnerability rather than an opportunity for the attacker to execute an undetectable attack.
Most cyber-attacks are financially motivated, and developing Zero Day attacks can be an expensive proposition. With Bromium it is much cheaper for the defender to defeat and expose the attack than for the attacker to develop and deploy the attack. With this fundamental change in the profit equation it is just a matter of time before the latest announcement of a new Zero Day becomes just a matter of passing interest to software developers rather than a hot story demanding headlines around the world.