BEST OF THE WEB

Researchers Record Spike In Zero-day Exploits In 2021

Investigations conducted by threat intelligence firm Mandiant and Google’s Project Zero have revealed an increase in zero-day bugs being exploited.

Mandiant and Project Zero have a different scope for the zero-day types they pursue. For the zero-days, Mandiant tracked 80 in 2021, compared to 30 tracked in 2020. Project Zero tracked 58 zero-day flaws in 2021, compared to 25 tracked in 2020.

Zero-day vulnerabilities are vulnerabilities that have yet to be made public. Tools attackers use to exploit these vulnerabilities are known as zero-day exploits. Once a bug becomes public, a fix may not be released immediately or at all, allowing attackers to exploit it.

For James Sadowski, a researcher at Mandiant, increasing detection and awareness means a shift in the zero-day landscape that has previously been limited to government-sponsored and financial hackers.

“There are definitely more zero-days being used than ever before. The overall count last year for 2021 shot up, and there are probably a couple of factors that contributed, including the industry’s ability to detect this. But, there’s also been a proliferation of these capabilities since 2012. There’s been a significant expansion in volume as well as the variety of groups exploiting zero-days,” Sadowski said.

Maddie Stone, security expert at Project Zero, notes that while it is difficult to get a full picture of the extent and context of the exploited zero days, studying those discovered can help developers and cybersecurity experts better protect their products.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web