#9. Vulnerabilities and zero-days

Cybercriminals have continued to make widespread use of vulnerabilities in legitimate software to launch malware attacks.   They do this using exploits – fragments of code designed to use a vulnerability in a program to install malware on a victim’s computer without the need for any user interaction.  This exploit code may be embedded in a specially-crafted e-mail attachment, or it may target a vulnerability in the browser.  The exploit acts as a loader for the malware the cybercriminal wishes to install.

Of course, if an attacker exploits a vulnerability is known only to the attacker – a so-called ‘zero-day’ vulnerability – everyone using the vulnerable application will remain unprotected until the vendor has developed a patch that closes up the loophole.  But in many cases cybercriminals make successful use of well-known vulnerabilities for which a patch has already been released. Cybercriminals focus their attention on applications that are widely-used and are likely to remain unpatched for the longest time – giving them a large window of opportunity through which to achieve their goals.

Read Also

IT Firms Misuse Social Media For Polls: Cobrapost

India's Great Online Shopping Festival Is Back! This Time From 11 to 13 December