Researchers Record Spike In Zero-day Exploits In 2021

Share post:

Investigations conducted by threat intelligence firm Mandiant and Google’s Project Zero have revealed an increase in zero-day bugs being exploited.

Mandiant and Project Zero have a different scope for the zero-day types they pursue. For the zero-days, Mandiant tracked 80 in 2021, compared to 30 tracked in 2020. Project Zero tracked 58 zero-day flaws in 2021, compared to 25 tracked in 2020.

Zero-day vulnerabilities are vulnerabilities that have yet to be made public. Tools attackersĀ use to exploit these vulnerabilities are known as zero-day exploits. Once a bug becomes public, a fix may not be released immediately or at all, allowing attackers to exploit it.

For James Sadowski, a researcher at Mandiant, increasing detection and awareness means a shift in the zero-day landscape that has previously been limited to government-sponsored and financial hackers.

“There are definitely more zero-days being used than ever before. The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry’s ability to detect this. But, there’s also been a proliferation of these capabilities since 2012. There’s been a significant expansion in volume as well as the variety of groups exploiting zero-days,” Sadowski said.

Maddie Stone, security expert at Project Zero, notes that while it is difficult to get a full picture of the extent and context of the exploited zero days, studying those discovered can help developers and cybersecurity experts better protect their products.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 24, 2024 – A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more

A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more. Welcome to Cyber Security...

Canada centralizing cybersecurity efforts of federal IT departments

Federal departments and agencies are making only marginal progress in improving their cyber maturity, Ottawa said Wednesday as...

Cyber Security Today, May 22, 2024 – LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more

LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more. Welcome to Cyber Security...

Google criticizes Microsoft’s security practices in new report

Google has publicly criticized Microsoft for a series of security missteps, suggesting that organizations might consider more secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways