VPNfilter had a total of nine modular tools discovered thus far by researchers, potentially turning thousands of routers into a versatile attack platform.

Software vulnerabilities are an inherently intriguing concept, and they become even more noteworthy when attackers are caught exploiting a novel flaw in the wild before anyone else knows it exists. Researchers are now catching this kind of exploitation more often, in part because more of them are looking for it. Two reports this week, one from the threat intelligence firm Mandiant and one from Google's Project Zero, aim to answer the question of how much zero-day exploitation has actually grown in recent years.

The two teams count different things. Project Zero, for example, does not currently track flaws in Internet-of-things devices that are exploited in the wild, whereas Mandiant does. Even so, both recorded an all-time high number of exploited zero-days in 2021: Mandiant counted 80 and Project Zero 58, compared with 30 and 25, respectively, the year before. The key question for both teams is how to make sense of that jump.

“We started seeing a spike early in 2021, and a lot of the questions I was getting all through the year were, ‘What the heck is going on?!’” says Maddie Stone, a security researcher at Project Zero. “My first reaction was, ‘Oh my goodness, there’s so much.’ But when I took a step back and looked at it in the context of previous years, to see such a big jump, that growth actually more likely is due to increased detection, transparency, and public knowledge about zero-days.”

A zero-day vulnerability is a software flaw that attackers exploit before the software maker knows about it, meaning the vendor has had "zero days" to develop and release a patch. Zero-day exploits are the hacking tools attackers build to take advantage of such flaws. Once a bug is publicly known, a fix may still not arrive immediately (or ever), but attackers are on notice that their activity could be detected or the hole could be plugged at any time. Zero-days are big business for both criminals and government-backed hackers, whether they want to run mass campaigns or tailored, individual targeting.

Zero-day vulnerabilities and exploits are usually thought of as uncommon and rarefied hacking tools, but governments have been shown to stockpile them, and improved detection has revealed just how often attackers actually deploy them. Over the past three years, tech giants such as Microsoft, Google, and Apple have normalized the practice of stating, when they disclose and fix a vulnerability, whether it was exploited in the wild before the patch was released.