Zero-day vulnerabilities are increasing. Attackers can exploit these weaknesses in the wild before a patch becomes publicly available. Until white hats mitigate a zero-day vulnerability, actors can freely exploit it to breach data, systems and networks. According to a Mandiant Threat Intelligence report, the number of zero-day exploits in 2021 grew more than 100% compared to the previous record set in 2019. This means that during the last decade about 40% of all zero-day attacks occurred in 2021 alone.

The most frequent zero-day exploits involved Microsoft, Apple and Google products. The rapid growth in zero-day attacks represents a major threat to any industry worldwide due to how common the target products are.

Record number of zero-day exploits

In 2021, the Mandiant report found 80 zero-days exploited, which more than doubled the previous record set in 2019.

The primary actors exploiting these vulnerabilities continue to be state-sponsored groups. The researchers also detected a notable rise in financially driven attacks. The study showed that 33% of zero-day attackers sought financial gain, especially ransomware gangs.

Ongoing investigation

The report’s conclusions included original research, breach investigation findings and open sources. Researchers stated that they could not confirm the sources of some findings. As incident forensic investigation unfolds, further insight into the full impact of zero-day incidents will continue to develop.

Causes of increased zero-day attacks

To explain the increase in zero-day exploits, the authors of the report suggest several potential driving forces, such as:

  • More cloud hosting, mobile and Internet of Things technologies increase the volume and complexity of systems and devices. That is, more software leads to more software flaws.
  • The growth of the exploit broker marketplace results in more research into zero-days by private companies, researchers and threat actors.
  • More robust defense and detection efforts may increase zero-day exploit reporting.
  • Tightened security protocols against other vectors mean threat groups must resort to zero-day targets.

State-sponsored versus financial motivation

In the past, state-sponsored zero-day incidents made up the bulk of this type of attack. China-based cyber spy groups were involved in more zero-days than any other nation-state in 2021. The report states that at least 10 separate countries have likely exploited zero-days since 2012.

Meanwhile, financially motivated attacks also increased last year. From 2014 to 2018, only a small number of financially motivated attacks targeted zero-day vulnerabilities. However, by 2021, roughly one-third of all zero-day exploits were financially motivated.

Zero-day and ransomware

As global ransomware activity has grown, the number of ransomware attacks exploiting zero-day vulnerabilities has also increased. The report suggests that ransomware groups may be recruiting or purchasing services linked to formerly developed exploit kits.

The research shows that 75% of total zero-day vulnerabilities involve Microsoft, Apple and Google products. As much of the world relies on these products, zero-day threats will continue to be a challenge for security officers in the future.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…