Networks and Information Technology (IT) resources are under constant attack from Advanced Persistent Threat (APT) actors that exploit unknown, “zero-day” vulnerabilities. These attacks use spear-phishing emails, containing malicious attachments or embedded web links, directed at key end-users; social engineering tricks the recipient into downloading and executing the zero-day malware. Once an end-user system is infected, APT actors use that system to target and exfiltrate sensitive data. APT email attacks have resulted in numerous recent security breaches, and they are the prime threat vector targeting a broad range of Government, military, educational, and commercial organizations.
APT exploits are designed to run covertly on networks and systems, quietly collecting sensitive or personal data and remaining undetected for long periods of time. Standard security tools usually do not detect the zero-day malware employed by APT actors; a recent report stated that only 24% of all APT malware is detected by traditional signature-based security software. APT actors often target users and their endpoint platforms using spear-phishing email with embedded zero-day malware.
Zero-day malware is malware that targets a vulnerability that is not publicly known, and for which no signature has yet been developed. Because no signature exists for zero-day malware, it cannot be reliably detected by traditional security products. In contrast to signature-based detection techniques, behavioral analysis can reveal the malicious nature of zero-day malware from what it does on the endpoint rather than from what its file looks like.
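The contrast between the two approaches, as an added illustration that is not part of the original text: a hash-based signature check only fires on attachments already in its list, while a behavioral check over a constructed endpoint event trace (an office application launched from the mail client spawning a shell, which connects out and drops an executable) flags the chain without ever having seen the file. The hash list, process names and event trace are all constructed for this example.

```python
import hashlib
from typing import List, Tuple

# Constructed: hashes of attachments that a signature engine already knows.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"old-known-malware-sample").hexdigest()}

# Constructed endpoint trace after a user opened an e-mail attachment:
# (acting process, event kind, detail).
EVENTS: List[Tuple[str, str, str]] = [
    ("outlook.exe", "spawn", "winword.exe"),
    ("winword.exe", "spawn", "powershell.exe"),
    ("powershell.exe", "net_connect", "203.0.113.7:443"),
    ("powershell.exe", "file_write", "C:\\Users\\u\\AppData\\Roaming\\svc.exe"),
    ("svc.exe", "net_connect", "203.0.113.7:443"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def signature_verdict(attachment: bytes) -> bool:
    """Signature-based: malicious only if the exact hash is already listed."""
    return hashlib.sha256(attachment).hexdigest() in KNOWN_BAD_SHA256


def behavior_verdict(events: List[Tuple[str, str, str]]) -> List[str]:
    """Behavior-based: flag suspicious process chains regardless of file hash."""
    findings = []
    suspect = set()  # processes descended from an office-app-spawned shell
    for actor, kind, detail in events:
        if kind == "spawn" and actor in OFFICE_APPS and detail in SHELLS:
            findings.append(f"{actor} launched shell {detail}")
            suspect.add(detail)
        elif kind == "net_connect" and actor in suspect:
            findings.append(f"{actor} connected out to {detail}")
        elif kind == "file_write" and actor in suspect and detail.lower().endswith(".exe"):
            findings.append(f"{actor} dropped executable {detail}")
            suspect.add(detail.rsplit("\\", 1)[-1].lower())  # follow the dropped binary
    return findings


if __name__ == "__main__":
    print("signature hit on unseen attachment:", signature_verdict(b"never-seen-attachment"))
    for f in behavior_verdict(EVENTS):
        print("behavioral finding:", f)
```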