Zero Day Malware

Refers to malicious programs (malware) that have only just been identified as such. The English term combines “zero day” and “malware”: a malicious program that has been known for zero days, i.e. only since today, so that defenders have had no time to prepare for it.

What does that mean in detail?

  • Zero-day malware can be any type of malware (Trojan, ransomware, worm, etc.).
  • Because it was not known before, technical countermeasures often have to be created first, for example the matching entry in the virus scanner’s signature database or the matching rule for the firewall.
  • In some cases, measures to repair the damage already done also have to be developed, e.g. to make data encrypted by the malware accessible again.
  • Zero-day malware often exploits previously unknown security vulnerabilities. From “day zero” onwards, work starts on closing them as quickly as possible.
  • In principle, it is difficult for virus scanners and firewalls to detect zero-day malware, because signature-based detection only recognizes what is already known. They are therefore increasingly designed to detect and report unknown, unusual or suspicious patterns as well (heuristic and behavior-based detection).
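The following Python script is an added example, not part of the original article, that contrasts the two detection approaches described above on constructed e-mail attachments: an exact-match signature lookup, which only catches the sample that is already in the database, and simple heuristic checks (double extension such as application.pdf.exe, executable content behind a document extension), which also flag a sample nobody has seen before. All file names, byte strings and the signature name are constructed for illustration; none of the data is real malware, and the rules are deliberately minimal.

```python
"""Signature vs. heuristic scanning of e-mail attachments (constructed example)."""
import hashlib
from typing import Dict, List, Optional

# Constructed attachment contents: harmless byte strings that only imitate
# file headers. None of this is real malware.
PE_HEADER = b"MZ\x90\x00\x03\x00\x00\x00"
ATTACHMENTS: Dict[str, bytes] = {
    "invoice.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "old_trojan.exe": PE_HEADER + b"known-sample-" + b"A" * 32,
    "application.pdf.exe": PE_HEADER + b"new-sample-" + b"B" * 32,   # zero-day sample
    "cv.pdf": PE_HEADER + b"renamed-sample-" + b"C" * 32,            # executable renamed to .pdf
}

EXEC_EXT = ("exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "ps1", "hta")
DOC_EXT = ("pdf", "doc", "docx", "xls", "xlsx", "odt", "jpg", "png", "txt")
# Leading bytes we expect for the extensions we bother to verify.
MAGIC = {"pdf": b"%PDF", "exe": b"MZ", "scr": b"MZ", "png": b"\x89PNG", "jpg": b"\xff\xd8"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The "scanner database": only the sample analysts have already seen has an
# entry. A zero-day sample, by definition, is not in here yet.
SIGNATURE_DB: Dict[str, str] = {
    sha256_hex(ATTACHMENTS["old_trojan.exe"]): "Trojan.Generic.Constructed",  # hypothetical name
}


def signature_scan(data: bytes) -> Optional[str]:
    """Exact-match detection: returns the signature name, or None if the sample is unknown."""
    return SIGNATURE_DB.get(sha256_hex(data))


def heuristic_flags(name: str, data: bytes) -> List[str]:
    """Pattern checks that need no prior knowledge of the specific sample."""
    flags: List[str] = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXEC_EXT:
        flags.append("executable-attachment")
    if len(parts) >= 3 and parts[-2] in DOC_EXT and ext in EXEC_EXT:
        flags.append("double-extension")      # e.g. application.pdf.exe, shown as application.pdf when extensions are hidden
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        flags.append("magic-mismatch")        # content does not match what the extension claims
    if data.startswith(b"MZ") and ext not in EXEC_EXT:
        flags.append("hidden-executable")     # Windows executable behind a document name
    return flags


def scan(name: str, data: bytes) -> Dict[str, object]:
    """Combine both approaches: a signature hit blocks, heuristic flags quarantine for review."""
    sig = signature_scan(data)
    flags = heuristic_flags(name, data)
    if sig:
        verdict = "blocked"
    elif flags:
        verdict = "quarantine"
    else:
        verdict = "clean"
    return {"name": name, "signature": sig, "flags": flags, "verdict": verdict}


def scan_all() -> Dict[str, Dict[str, object]]:
    return {name: scan(name, data) for name, data in ATTACHMENTS.items()}


if __name__ == "__main__":
    for r in scan_all().values():
        print(f"{r['name']:<22} {r['verdict']:<11} signature={r['signature']} flags={r['flags']}")
```

Run as-is: old_trojan.exe is blocked by its signature, application.pdf.exe has no signature entry (the zero-day case) but is quarantined because of the double extension, cv.pdf is quarantined because its content is a Windows executable, and invoice.pdf passes. Heuristics of this kind produce false positives that a signature never would, which is why real scanners report rather than silently delete such findings.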

Where do I come across this problem in my day-to-day work?

In principle, you can encounter it anywhere. One example is an e-mail with a supposed job application in the attachment that in fact contains a new type of Trojan.

What can I do to improve my security?

  • Increase your organization’s cybersecurity with targeted measures so that zero-day malware finds as few security vulnerabilities as possible to exploit. Segmented networks can also contain its spread, and up-to-date backups make it easier to return to normal operation quickly after an incident.
  • Place great emphasis on raising awareness among your employees. Zero-day malware can be hard for technical defenses such as virus scanners to detect. In such cases, attentive employees can protect your company from major damage: for example, because an e-mailed job application seems strange to them, they briefly check the supposed sender and come across current warnings about new malware.