Zero-day vulnerabilities are increasing. Attackers can exploit these weaknesses in the wild before a patch becomes publicly available. Until white hats mitigate a zero-day vulnerability, actors can freely exploit it to breach data, systems and networks. According to a Mandiant Threat Intelligence report, the number of zero-day exploits in 2021 grew more than 100% compared to the previous record set in 2019. This means that during the last decade about 40% of all zero-day attacks occurred in 2021 alone. 

The most frequent zero-day exploits involved Microsoft, Apple and Google products. The rapid growth in zero-day attacks represents a major threat to any industry worldwide due to how common the target products are.

Record Number of Zero-Day Exploits

In 2021, the Mandiant report found 80 zero-days exploited, which more than doubled the previous record set in 2019. 

The primary actors exploiting these vulnerabilities continue to be state-sponsored groups. The researchers also detected a notable rise in financially driven attacks. The study showed that 33% of zero-day attackers sought financial gain, especially ransomware gangs.

Ongoing Investigation

The report’s conclusions included original research, breach investigation findings and open sources. Researchers stated that they could not confirm the sources of some findings. As incident forensic investigation unfolds, further insight into the full impact of zero-day incidents will continue to develop.

Causes of Increased Zero-Day Attacks

To explain the increase in zero-day exploits, the authors of the report suggest several potential driving forces, such as: 

  • More cloud hosting, mobile and Internet of Things technologies increase the volume and complexity of systems and devices. That is, more software leads to more software flaws. 
  • The growth of the exploit broker marketplace results in more research into zero-days by private companies, researchers and threat actors. 
  • More robust defense and detection efforts may increase zero-day exploit reporting.
  • Tightened security protocols against other vectors mean threat groups must resort to zero-day targets.

State-Sponsored Versus Financial Motivation

In the past, state-sponsored zero-day incidents made up the bulk of this type of attack. China-based cyber spy groups were involved in more zero-days than any other nation-state in 2021. The report states that at least 10 separate countries have likely exploited zero-days since 2012.

Meanwhile, financially motivated attacks also increased last year. From 2014 to 2018, only a small number of financially motivated attacks targeted zero-day vulnerabilities. However, by 2021, roughly one-third of all zero-day exploits were financially motivated. 

Zero-Day and Ransomware 

As global ransomware activity has grown, the number of ransomware attacks exploiting zero-day vulnerabilities has also increased. The report suggests that ransomware groups may be recruiting or purchasing services linked to formerly developed exploit kits.

The research shows that 75% of total zero-day vulnerabilities involve Microsoft, Apple and Google products. As much of the world relies on these products, zero-day threats will continue to be a challenge for security officers in the future.

More from News

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…

Alleged FBI Database Breach Exposes Agents and InfraGard

Recently the feds suffered a big hack, not once, but twice. First, the FBI-run InfraGard program suffered a breach. InfraGard aims to strengthen partnerships with the private sector to share information about cyber and physical threats. That organization experienced a major breach in early December, according to a KrebsOnSecurity report. Allegedly, the InfraGard database — containing contact information of over 80,000 members — appeared up for sale on a cyber crime forum. Also, the hackers have reportedly been communicating with…