0-day – What You Should Know about Microgaming Security
Unfortunately, our modern world of computer technologies gives us not only advantages. The progress has a downside too. More sophisticated systems breed even more overstructured hacking methods.
So today’s companies that work in the IT segment ought to protect themselves from different types of threats. As Microgaming provides software to web gambling houses, it should be prepared to combat possible attacks effectively. Moreover, as the weak spots of its products may result into serious data stealing (banking info of casino players), it is crucial to implement special tools for preventing the negative consequences.
One of the main dangerous threats is called a 0-day. The definition, peculiarities, detecting and fixing approaches you will know from the following paragraphs of this article.
Definition
0-day in Microgaming is a weak spot of the particular software program that might be used by the hackers for an intrusion in the system. It is called so because soft developers or antivirus companies are not aware of this vulnerability by the time of releasing the program (but it might have been used by the crackers). As this threat is not public, there is no time (zero-days) to fix it (create a patch), till the program is already in use. So, the first day of knowing that fact will be also called a day-zero.
Zero-Day Vulnerability
The term has several meanings in the modern computer science. For example, a zero-day vulnerability means the unprotected place inside the code of a particular software that leaves an opportunity to attack the system and to provide authorized actions (like infecting with the virus).
Zero-Day Exploit
And this is another side of the definition. It is used to describe a code written to hack the system (worm) through the vulnerability. So, this dangerous program is called an exploit.
Window of Vulnerability
To define the period of being under a threat, they use the term “Window of vulnerability” (usually measured in days). It describes the time starting from the exploit activation till shutting down of the vulnerable gates.
This process is divided into certain important points:
• T0 – noticing the problem;
• T1a – publishing a fixing patch;
• T1b – triggering the work of the exploit;
• T2 – applying the change sets.
In the event of zero-day hacking tools, the time equation looks like this T1b-T1a ≤ 0, which shows that the exploit had already been active by the time the patch was released.
Detection
As Microgaming (like any other company working with online applications) can be a victim of various attack types and its software might contain some unsafe spots, it needs detection services. So, these tools will illuminate the exact vulnerability or at least specify the suspicious traffic behavior and then take necessary actions for terminating the hazards.
Such detection systems are utilized:
• Virtual LANs, used for content securing (with the help of IPsec);
• IDS tools, that are for detecting intrusions (installed on the critical points of the firewall);
• Network access control, which impedes any unauthorized logging into the platform (through wires);
• And a Wi-Fi Protected access that provides protection from wireless entries.
Stuxnet
Among the tons of different exploit programs, some of them have become quite popular. For instance, such one as Stuxnet has reached a wide recognition after targeting the computers responsible for nuclear weapons in Iran. This worm managed to infect most of the PCs (in 5 days) and gave control over them to the cyber-villains.
Aurora
This is a team of hackers (from China) that is responsible for another cyber infection, which used a 0-day hole in the Internet Explorer for breaking in the source code of Google, Adobe, and many other companies.
RSA hack
These cyber criminals also have attacked Google using an exploit that could spread through a weak spot in Adobe Flash. They bombarded the security enterprise for stealing safety key of products.
Zero-day Emergency Response Team
With the fast-spreading of similar intrusions into the software of various big companies like Microsoft, Adobe, Google, and other search engines/soft providers, a group of volunteers emerged (ZERT) for combating the consequences of zero-day exploits. They reacted very quickly and released patches even earlier than the host company of the infected program.
Nowadays they are not active, but a lot of enterprises, encouraged by ZERT (including Microgaming) have launched security departments that are specialized in fixing such issues.