Researchers Record Spike In Zero-day Exploits In 2021

Share post:

Investigations conducted by threat intelligence firm Mandiant and Google’s Project Zero have revealed an increase in zero-day bugs being exploited.

Mandiant and Project Zero have a different scope for the zero-day types they pursue. For the zero-days, Mandiant tracked 80 in 2021, compared to 30 tracked in 2020. Project Zero tracked 58 zero-day flaws in 2021, compared to 25 tracked in 2020.

Zero-day vulnerabilities are vulnerabilities that have yet to be made public. Tools attackers use to exploit these vulnerabilities are known as zero-day exploits. Once a bug becomes public, a fix may not be released immediately or at all, allowing attackers to exploit it.

For James Sadowski, a researcher at Mandiant, increasing detection and awareness means a shift in the zero-day landscape that has previously been limited to government-sponsored and financial hackers.

“There are definitely more zero-days being used than ever before. The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry’s ability to detect this. But, there’s also been a proliferation of these capabilities since 2012. There’s been a significant expansion in volume as well as the variety of groups exploiting zero-days,” Sadowski said.

Maddie Stone, security expert at Project Zero, notes that while it is difficult to get a full picture of the extent and context of the exploited zero days, studying those discovered can help developers and cybersecurity experts better protect their products.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways