2021 Accounted For 40% Of Zero-Days In The Last Decade

Researchers with Mandiant have released findings on 80 zero-days exploited “in the wild”, a surge in verified zero-day exploits over the course of the last year. Additionally, Google’s Project Zero said Tuesday that they tracked 58 cases of zero-day exploits in the wild last year. 2021 accounted for 40% of zero-day attacks undertaken in the last decade. That’s a massive explosion of zero-days, which means that users are less safe as a result.

I have two comments from industry experts. The first is from Saumitra Das, CTO and Cofounder, Blue Hexagon:

“Zero-day exploits and variants of malware that go after them have been on a consistent rise as attackers invest in automation and research. Many of the zero-days discovered in old software like print spooler (print nightmare) are being discovered by overseas research teams. These can then be weaponized at scale and quickly by attackers using mutated malware to get in. In many cases, attackers use an existing foothold and simply try out a new POC at a victim.”

The second comment is from Chris Olson, CEO, The Media Trust:

“Not only is the number of zero-day attacks rising, but malicious actors are exploiting them faster than ever before. In December, Chinese actors were targeting the Log4Shell vulnerability only hours after its initial disclosure. With the cybersecurity landscape dominated by increasingly sophisticated threat actors, we can expect the incidence of zero days to rise in 2022, especially with heightened political tensions around the world.”

“In response, organizations should be particularly vigilant against underemphasized attack surfaces such as websites and mobile apps if they want to protect their customers. Based on our observations, we expect a rise in attacks based on polymorphic and obfuscated code, rapid URL shifting and other advanced techniques to deliver ransomware and other malicious executables.”

Zero-days are now the new normal, which means that organizations need to hunt down these threats and ensure their defences are on point, because the bad guys are out there hunting for zero-days that they can exploit. That means you are under threat as a result.
