The security researchers of Google's "Project Zero" have completed their statistics on actively exploited zero-day vulnerabilities. The conclusion: In 2021, there was a massive increase in known zero days. This is not only due to the increase in attacks, but also to the fact that they are now easier to detect.

Zero-day vulnerabilities

The term "zero day" refers to security vulnerabilities that have "zero days" between their discovery and the first attack.

If a security vulnerability is discovered by users or security researchers, they usually first notify the software provider. The vendor then has some time to develop a patch or an update, and the vulnerability is usually not communicated to the public until that time has passed. Many security researchers work directly with software providers and give them a predefined period of time after the discovery of a security vulnerability to take the necessary measures. Only then do they go public.

In addition, there is the possibility that attackers are the first to discover such security vulnerabilities. They, of course, exploit the gap immediately as part of a "zero-day attack". These attacks are particularly difficult to combat because they are hard to detect.

Project Zero

"Project Zero" is a group of security researchers from Google who, among other things, work with companies and alert them to possible zero-day security vulnerabilities. In addition, "Project Zero" has been evaluating actively exploited security vulnerabilities every year since 2014. The aim is to use this evaluation to identify trends in the IT industry as well as among attackers and to draw conclusions about how to protect IT security.

Zero Days in 2021

For 2021, Project Zero counted a record number of known, actively exploited zero days. The value for 2021 was 58, while in recent years it has mostly been just over 20.

Project Zero also looked at possible causes for this development. According to the researchers, there has not merely been an increase in zero-day attacks. Rather, the exploitation of such vulnerabilities is now better recognized by security researchers. In addition, the affected manufacturers are now making more of the exploited zero days public.

The team's researchers also highlighted that most zero-day attacks were surprisingly simple. Since zero days are the most advanced of all attack methods, they expected something different. Instead, about two-thirds were simply based on memory errors (categories such as use-after-free, out-of-bounds accesses, buffer and integer overflows). These have long been known to be problematic.

The vulnerabilities known as FORCEDENTRY, which were used for the Pegasus Trojan from the manufacturer NSO, were by contrast an "impressive work of art". However, this is a rare exception. On average, the IT industry still makes it too easy for attackers.
