Anatomy of an Attack - Zero Day Exploit

You've taken great care to secure your network, but even with responsible and sustained investments in your defenses, you're still at risk. Attackers can bypass your security through an uncharted software vulnerability, a loophole revealed only by the persistent probing of a determined hacker. This is how a network is breached. This is how valuable data is stolen.

This is zero day. A zero day is a software vulnerability that is previously unknown and unpatched, and therefore can be exploited by a threat actor to gain entry to a target network. A hacker finds a zero day through hours, weeks, or months of painstaking effort. He scours through lines of code, probing applications and operating systems to find some weakness, some flaw. He methodically barrages the target application with an array of reverse engineering tools and techniques, forcing the software to reveal a small crack in the defenses that provides them a way to secretly execute code.

With this vulnerability in hand, the hacker has a choice: help the software vendor by providing them information about the vulnerability, or sell it to a broker, a black-market vendor of zero-day exploits. The broker compiles an inventory of zero days to build his reputation on the darknet with one goal: selling his exploits at the highest price. The broker lists these zero days on secret forums. He acts as a matchmaker between exploit and attacker.

The attacker needs an exploit that augments their existing tools and techniques, and uses reconnaissance data to select the zero-day exploit that is most likely to compromise their target. Because zero-day exploits are previously unknown, they provide an element of surprise.

The attacker incorporates the zero-day exploit into their customized attack, and once the perfect storm of program, process, and payload is concocted, the attack is launched. In a network protected by FireEye, NX series appliances can detect the intrusion, block the attacker, and alert system administrators of the attempted breach. PX series appliances then enable the responders to freeze and rewind time, isolating the packet captures from the earliest moments of the attack. Two-way sharing with the Dynamic Threat Intelligence cloud enables FireEye to analyze the attack. The zero-day discovery team reverse engineers the incident to break down the intricacies of the exploit. Using threat intelligence gathered by FireEye devices and drawing upon years of in-depth knowledge and specialized techniques, it will find the key exploit mechanisms and determine if this particular combination of tactics is a zero day.

If a zero day is discovered, FireEye notifies the vendor of the vulnerable software and works with them to create a patch. Meanwhile, comprehensive data about the exploit is uploaded to the Dynamic Threat Intelligence cloud, which immediately notifies every FireEye appliance and protects FireEye's customers. Within 24 hours, the patch is deployed, the public is notified, and customers are protected from a campaign that took threat actors countless hours to craft. When faced with advanced threats such as zero-day exploits, you need advanced threat protection.

FireEye