DeepGuard

  1. Zero-Day Attacks

    A major shift in the motives and technologies used in malicious cyber attacks

    The Internet has become the world’s fastest-growing marketplace, and more and more of the content on the net is related to eCommerce in one way or another. This development gave birth to a new generation of malware authors: the cyber criminals. They are more strongly motivated than the teenagers of yesterday, who just wanted to make headlines with their hacking attempts. They are also better placed to acquire and maintain the skills needed to develop high-quality malware code. And last but not least, their ideal malware looks very different from the teenager’s creation, because their goals are different.
    The objective of malware written by a cyber criminal is typically connected to money, whether the aim is to steal bandwidth, computing capacity or information. The attack may be carefully targeted or aimed at any suitable computer around the world, but in both cases the number of infected computers is typically limited. The teenager thinks it is cool when his creation causes a massive outbreak and headlines all over the world. The same scenario is a failure for the cyber criminal: the attention raises computer users’ awareness and makes them clean up infected computers and install protection products. To avoid this, the professional money-driven cyber criminal wants his attack to be extremely fast and invisible.

    This has led to the birth of a new, fast-growing problem on the Internet: instantaneously spreading, targeted attacks that cannot be detected with traditional security solutions. These attacks are often called zero-day attacks: they exploit a vulnerability, or use malware, for which no patch or detection signature exists yet, so defenders have had zero days to react, and the attack needs only a very short time window to do its damage.

    The reason why traditional security technology is not sufficient is explained in the following.


    The traditional way to catch malware

    Traditionally, antivirus software has employed definition-based detection to protect users against malware. The following diagram illustrates the definition-based protection cycle.

    [Diagram: the definition-based protection cycle – infection on a user’s computer, sample submitted to the virus lab, definition built and published, update downloaded by users]

    The definition-based protection model presents a number of security issues, such as:
    • Dependence on user awareness – unless users recognize infections, virus labs will not receive malware samples, which stalls the whole process of building virus definitions. This is a considerable risk, as a large share of today’s malware relies on rootkit and similar techniques to hide from the user and remain undetected for as long as possible. Furthermore, very few users have the knowledge needed to recognize that an infection is in progress, which further lowers the chances of a virus lab receiving a sample.
    • Timing – the more time elapses between the release of the malware and the moment virus labs receive a sample, the larger the number of infected computers will be.
    • Infection as the starting point – the very process of building malware detection implies, in most situations, that some users already have an infection on their computer.
    • Update availability – if users are unable to receive and install updated virus definitions, they are not protected against the threats that have been detected since their last update.

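    To make the cycle and its blind spot concrete, the following is a small example added to this page (illustration code written for the page, not F-Secure’s or DeepGuard’s implementation). The sample files, the hash-plus-byte-pattern definition format, the runtime action traces and the behaviour rule with its threshold are all constructed assumptions for the example. It shows that a definition can only be written once a sample reaches the lab, that an exact-hash or byte-pattern definition then catches that sample but not a repacked variant, and that a check on what the program does (persist, connect out, inject into another process) flags both, because the behaviour is unchanged even though the bytes are not.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-ins for executables (plain byte strings, not real malware).
HEADER = b"MZ\x90\x00PE\x00\x00"
ORIGINAL = HEADER + b"A" * 40 + b"dropper-v1:connect 203.0.113.5:4444"
# Repacked variant: same behaviour, different bytes (new packer stub, edited
# string), so neither the file hash nor the byte pattern of ORIGINAL matches it.
VARIANT = HEADER + b"B" * 40 + b"dr0pper-v2:connect 203.0.113.5:4444"
CLEAN = HEADER + b"C" * 40 + b"text editor, no network code"

# Constructed runtime traces: what each program does once executed.
ORIGINAL_ACTIONS = ["write_to_startup", "outbound_connect", "inject_process"]
VARIANT_ACTIONS = ["write_to_startup", "inject_process", "outbound_connect"]
CLEAN_ACTIONS = ["read_file", "write_file", "outbound_connect"]  # e.g. an update check


@dataclass(frozen=True)
class Definition:
    name: str
    sha256: str     # exact-file hash
    pattern: bytes  # byte sequence an analyst extracted from the sample


def build_definition(name: str, sample: bytes, pattern: bytes) -> Definition:
    """Lab step: a definition exists only after a sample has been received."""
    if pattern not in sample:
        raise ValueError("pattern must be taken from the sample itself")
    return Definition(name, hashlib.sha256(sample).hexdigest(), pattern)


def definition_scan(data: bytes, definitions: List[Definition]) -> Optional[str]:
    """Client step: compare a file against every definition the user has installed."""
    digest = hashlib.sha256(data).hexdigest()
    for d in definitions:
        if d.sha256 == digest or d.pattern in data:
            return d.name
    return None


# Assumed (hypothetical) behaviour rule for this example: flag a process once it
# performs at least THRESHOLD actions from this set, regardless of its bytes.
SUSPICIOUS_ACTIONS = {"write_to_startup", "outbound_connect", "inject_process", "disable_av"}
THRESHOLD = 2


def behaviour_score(actions: List[str]) -> int:
    return len(SUSPICIOUS_ACTIONS.intersection(actions))


def behaviour_flagged(actions: List[str]) -> bool:
    return behaviour_score(actions) >= THRESHOLD


def demo() -> dict:
    """Walk through the protection cycle and return each verdict by name."""
    installed = []  # the user's definition database, empty at first
    results = {}
    # 1. Zero-day window: the malware is out, no lab has a sample, nothing matches.
    results["original_before_definition"] = definition_scan(ORIGINAL, installed)
    # 2. A victim notices and submits a sample; the lab ships a definition.
    installed.append(build_definition("Dropper.A", ORIGINAL, b"dropper-v1:connect"))
    results["original_after_definition"] = definition_scan(ORIGINAL, installed)
    # 3. The attacker repacks; the definition no longer matches and the cycle restarts.
    results["variant_by_definition"] = definition_scan(VARIANT, installed)
    results["clean_by_definition"] = definition_scan(CLEAN, installed)
    # 4. A behaviour check needs no sample: the variant acts exactly like the original.
    results["original_by_behaviour"] = behaviour_flagged(ORIGINAL_ACTIONS)
    results["variant_by_behaviour"] = behaviour_flagged(VARIANT_ACTIONS)
    results["clean_by_behaviour"] = behaviour_flagged(CLEAN_ACTIONS)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:30} {value}")
```

    The behaviour rule is deliberately crude. Note that the clean program also connects out (a legitimate update check), which is why a single suspicious action is not enough to flag it; a real system-monitoring engine weighs many more signals precisely to keep such false positives down while still catching the repacked variant that no definition knows about.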

    The issues with definition-based protection are not new: F-Secure has for a long time been combining several protection mechanisms with the conventional definition-based scanning system. It has used techniques such as system monitoring, blocking of code injections, heuristic scanning, rootkit scanning and control of code manipulation. But in an ever-changing landscape, in which zero-day malware and targeted attacks are the everyday reality, all of this is becoming insufficient.


    The new approach

    In order to offer solid protection in modern networked environments, it is essential to provide proactive technologies that can anticipate unknown threats and act accordingly. F-Secure DeepGuard™ is a state-of-the-art proactive technology that helps the average computer user stay safe no matter where and when he uses his computer.