Skip to content

GREENGROUND

Daily Insights for a Smarter Tomorrow

Menu
  • Home
  • Medium
  • About Us
    • Mission
    • Contact Us
Menu

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

Posted on April 21, 2022 by Livio Andrea Acerbo

Previously unknown “zero-day” software vulnerabilities are mysterious and intriguing as a concept. But they’re even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to detect and study more of this exploitation, they’re seeing it more often. Two reports this week from the threat intelligence firm Mandiant and Google’s bug hunting team, Project Zero, aim to give insight into the question of exactly how much zero-day exploitation has grown in recent years.

Mandiant and Project Zero each have a different scope for the types of zero-days they track. Project Zero, for example, doesn’t currently focus on analyzing flaws in internet-of-things devices that are exploited in the wild. As a result, the absolute numbers in the two reports aren’t directly comparable, but both teams tracked a record high number of exploited zero-days in 2021. Mandiant tracked 80 last year compared to 30 in 2020, and Project Zero tracked 58 in 2021 compared to 25 the year before. The key question for both teams, though, is how to contextualize their findings, given that no one can see the full scale of this clandestine activity.

“We started seeing a spike early in 2021,and a lot of the questions I was getting all through the year were, ‘What the heck is going on?!’” says Maddie Stone, a security researcher at Project Zero. “My first reaction was, ‘Oh my goodness, there’s so much.’ But when I took a step back and looked at it in the context of previous years, to see such a big jump, that growth actually more likely is due to increased detection, transparency, and public knowledge about zero-days.”

Before a software vulnerability is publicly disclosed, it’s called a “zero-day,” because there have been zero days in which the software maker could have developed and released a patch and zero days for defenders to start monitoring the vulnerability. In turn, the hacking tools that attackers use to take advantage of such vulnerabilities are known as zero-day exploits. Once a bug is publicly known, a fix may not be released immediately (or ever), but attackers are on notice that their activity could be detected or the hole could be plugged at any time. As a result, zero-days are highly coveted, and they are big business for both criminals and, particularly, government-backed hackers who want to conduct both mass campaigns and tailored, individual targeting.

Zero-day vulnerabilities and exploits are typically thought of as uncommon and rarified hacking tools, but governments have been repeatedly shown to stockpile zero-days, and increased detection has revealed just how often attackers deploy them. Over the past three years, tech giants like Microsoft, Google, and Apple have started to normalize the practice of noting when they’re disclosing and fixing a vulnerability that was exploited before the patch release. 

While awareness and detection efforts have increased, James Sadowski, a researcher at Mandiant, emphasizes that he does see evidence of a shift in the landscape.

social experiment by Livio Acerbo #greengroundit #wired – original source here

Share this:

  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on X (Opens in new window) X
  • Click to share on LinkedIn (Opens in new window) LinkedIn
  • Click to share on Tumblr (Opens in new window) Tumblr
  • Click to share on Mastodon (Opens in new window) Mastodon
  • More
  • Click to share on Reddit (Opens in new window) Reddit
  • Click to share on Pocket (Opens in new window) Pocket
  • Click to share on Telegram (Opens in new window) Telegram
  • Click to share on WhatsApp (Opens in new window) WhatsApp

Like this:

Like Loading...
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
  • Twitter
  • Facebook
  • YouTube
  • Instagram
  • Telegram
©2025 GREENGROUND | WordPress Theme by Superbthemes.com
This website uses cookies
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT
%d