Threat actors who pursue the most effective means to circumvent existing endpoint security measures rely on exploits, especially those that leverage unknown software vulnerabilities (commonly referred to as “zero-day exploits”). Embedded in specially crafted data files and content, such as Adobe® PDF and Microsoft® Word documents, zero-day exploits subvert legitimate applications to carry out nefarious activities. Their ability to evade traditional antivirus solutions, and a lack of vendor security patches, often leave organizations with little in terms of preventive measures against zero-day exploits, which generally serve as the initial stage of a targeted attack.
This paper provides a list of the Top 10 Zero-Day Exploits of 2015, offers several possible conclusions based on the types of exploits and their associated cybercrime campaigns, and discusses three particularly effective zero-day exploits in brief case studies.
The paper then introduces the reader to a technical solution that prevents security breaches which leverage zero-day exploits, including the Top 10 Zero-Day Exploits of 2015 that are listed in this document, without prior knowledge of the application vulnerabilities which they exploit. The solution safely enables organizations to continue the use of their applications regardless of the existence of zero-day exploits, the discovery of application vulnerabilities, or the deployment of security patches.