2021 marked record-high zero-day exploits hit, as per analysts

April 25, 2022
2021 Record High Zero Day Exploit Vulnerability Cyberattacks Cyber Threat Google

Record-high zero-day exploits had been recorded for 2021 after security analysts in Google disclosed their findings regarding the threat. The researchers also added that last year’s record of zero-day exploits is the most ever detected for a year — with 58 cases found — since they began hunting in 2014.

Furthermore, analysts were alarmed with how the 2021 record has performed since the last most detected zero-day exploitation was in 2020 with only 25 records.

 

Security researchers constantly discover and patch malware and critical vulnerabilities before threat actors can abuse them. However, there are zero-day exploits that hackers find first to abuse and spread cyberattacks.

 

Nonetheless, experts believe that the record-high hit of the zero-day exploits only means that their detection rate has improved and not the hackers’ usage of them. On the other hand, the hackers’ attack tactics were unchanged over the years since they can still use the same exploitation methods to perform a successful attack.

Since the analysts publish their reports for public viewing, they inform the affected vendor of the discovered zero-day exploits so they can release patches first and address the security issues before the analysts announce the report to the public.

Most of the elusive cyberattacks recorded were rooted in zero-days. An example is when one of these threats was abused by the NSO Group, an Israeli spyware organisation that sold an exploit to governments that utilise it in attacking activists and other important groups. The said exploit was dubbed ‘FORCEDENTRY’ by the analysts, which they describe as one of the most sophisticated zero-days they have found.

The FORCEDENTRY zero-day was one of the 58 detected exploits they discovered last year that they consider ‘novel’.

Since numerous vendors are detecting and self-reporting zero-day exploits that affect their firms, researchers believe they expose themselves more to threats.

Researchers are hoping that in 2022, more vendors will allow disclosing the exploitation status of vulnerabilities in their security lists to the security experts and provide them exploit samples with detailed technical descriptions so they can perform more in-depth studies about the threat discoveries.

About the author