While everyone is aware that cybersecurity attacks and incidents have been up across the board in the last few years—especially since the shift to remote work in early 2020—it might surprise you to learn just how much Zero-Day vulnerability exploits increased in 2021.
Google's Project Zero just released its third annual review of Zero-Day exploits in the wild, looking back at all of the detected and disclosed incidents during the year. The stated goal was to analyze the exploits as a whole and come up with a few key takeaways to share with the world, and ultimately, make it more difficult for threat actors to exploit Zero-Days.
In 2021, there were 58 in-the-wild Zero-Days detected and disclosed, the most since Project Zero started tracking in 2014. The previous high was 28 in 2015, and there were only 25 detected in 2020.
The graph below shows how Zero-Days have increased in recent years:
[Graph: Project Zero on Zero-Day exploits, in-the-wild Zero-Days detected and disclosed per year, 2014 through 2021]
It certainly could be alarming to see the number of such exploits more than double in just one year, but Google doesn't think this number is too concerning.
Security researchers believe that the large jump is actually due to increased detection and disclosure of Zero-Days, rather than just an increase in usage by threat actors.
What is surprising is that with a record number of exploits, the attackers' methodology has not really changed from previous years. Threat actors are using the same bug patterns and exploitation techniques and are going after the same attack surfaces.
When looking at the 58 exploits disclosed, Google says that only two stood out, "one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox."
While the cybersecurity field has significantly improved its ability to detect and disclose Zero-Days, the fact that attackers are using the same methods with success shows there is still a lot of room for improvement.
3 steps to make Zero-Day exploits harder in 2022
Project Zero's mission is simply to "make 0-day hard." It says that Zero-Days will be harder when attackers are not able to use public methods and techniques for developing their exploits.
Researchers highlighted three steps toward making Zero-Days harder:
- "All vendors agree to disclose the in-the-wild exploitation status of vulnerabilities in their security bulletins."
- "Exploit samples or detailed technical descriptions of the exploits are shared more widely."
- "Continued concerted efforts on reducing memory corruption vulnerabilities or rendering them unexploitable. Launch mitigations that will significantly impact the exploitability of memory corruption vulnerabilities."
For more technical information on Zero-Day exploits, including details on each major platform that saw in-the-wild Zero-Days in 2021, see the report from Google's Project Zero.