Microsoft's latest report says that zero-day vulnerabilities can be considered the smallest of all attack vectors. According to Jeff Jones, director of Microsoft’s Trustworthy Computing group, social engineering and AutoRun attacks deserve much more of the blame: they caused around 45% of the exploits companies are seeing on their systems and networks. The prominence of zero-day vulnerabilities in the media has a simple explanation: the media tries to capture people’s attention and creates the impression that they have to do something if they want to protect themselves.
More than a third of the 45% of social engineering attacks is attributed to abuse of the AutoRun capability, which lets a program on inserted media run automatically without anyone needing to start it. Attackers abuse this capability to spread malware. The social engineering category includes fake security software, email scams and phishing attacks, which are increasingly injected into social networking websites. According to the report, Java is the most frequently targeted software when systems get infected with malicious updates.
To minimize exposure to exploits, companies should consider newer products with better protections. Employees and customers should also be educated about information security.