Researchers Record Spike In Zero-day Exploits In 2021

Share post:

Investigations conducted by threat intelligence firm Mandiant and Google’s Project Zero have revealed an increase in zero-day bugs being exploited.

Mandiant and Project Zero have a different scope for the zero-day types they pursue. For the zero-days, Mandiant tracked 80 in 2021, compared to 30 tracked in 2020. Project Zero tracked 58 zero-day flaws in 2021, compared to 25 tracked in 2020.

Zero-day vulnerabilities are vulnerabilities that have yet to be made public. Tools attackers use to exploit these vulnerabilities are known as zero-day exploits. Once a bug becomes public, a fix may not be released immediately or at all, allowing attackers to exploit it.

For James Sadowski, a researcher at Mandiant, increasing detection and awareness means a shift in the zero-day landscape that has previously been limited to government-sponsored and financial hackers.

“There are definitely more zero-days being used than ever before. The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry’s ability to detect this. But, there’s also been a proliferation of these capabilities since 2012. There’s been a significant expansion in volume as well as the variety of groups exploiting zero-days,” Sadowski said.

Maddie Stone, security expert at Project Zero, notes that while it is difficult to get a full picture of the extent and context of the exploited zero days, studying those discovered can help developers and cybersecurity experts better protect their products.

The sources for this piece include an article in ArsTechnica.

Featured Tech Jobs


Related articles

Cyber Security Today, Week in Review for Friday, December 8, 2023

This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images and  why outdated Microsoft Exchange servers are s

Canadian mid-sized firms pay an average $1.13 million to ransomware gangs

Survey for Palo Alto Networks also shows fewer firms willing to pay da

Cyber Security Today, Dec. 8, 2023 – Ransomware is increasingly impacting OT systems, and more

This episode reports on how hackers break into AWS cloud instances, fake anti-Ukraine online ads  using photos of celebrities

Canadian privacy czars release principles for responsible development of AI

The principles remind AI developers they have to follow Canadian data pr

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways