Google revealed that its Project Zero team tracked 58 zero-day vulnerabilities used in the wild, the most since the program’s inception in 2014.
Zero-day vulnerabilities are one of the most challenging security issues, which also means that many people are looking for them. Unfortunately, that includes security researchers and malicious actors alike. Because a zero-day vulnerability can give attackers the tools needed to compromise a device, network or other types of infrastructure, an entire industry is built on the back of these exploits.
The number 58 might not seem like a lot, but we have to remember these vulnerabilities have been spotted in the wild and used in attacks. Even worse, they are only the ones we know about.
“While we often talk about the number of 0-day exploits used in-the-wild, what we’re actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild,” said Google Project Zero’s Maddie Stone. “And that leads into our first conclusion: we believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits.”
Companies and other parties have likely disclosed more security incidents, leading to this massive uptick in the number of zero-days.
The good news is that the attacks don’t seem to have evolved significantly, from a technical standpoint, compared with last year or the years before. With a couple of exceptions, most zero-days have been similar to what’s been used before.
“Only two 0-days stood out as novel: one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox,” Maddie explained.
The problem is that attackers don’t say when they’re using zero-days, and not all companies reveal attacks. Some don’t even know they’ve fallen victim. This means that it’s impossible to know how many other zero-days are still in the wild and unaccounted for, or whether the 58 Google tracked are a minority or a majority.