55 zero-day flaws exploited last year show the importance of security risk management


Deploying security patches as quickly as possible remains one of the best ways to prevent most security breaches, as attackers usually rely on exploits for publicly known vulnerabilities that already have a patch available, the so-called n-day exploits. But mitigating the risk from vulnerabilities that are unknown to the affected software developers and that don’t have a patch available, the zero-day flaws, requires a careful analysis of the types of actors exploiting them, the geographies and industries they target, the malware payloads they deploy, the tactics they use, and the types of products they usually target.

According to an analysis by Google-owned threat intelligence and incident response firm Mandiant, attackers exploited 55 zero-day flaws last year, fewer than the 81 observed in 2021 but triple the number tracked in 2020 and higher than in any previous year. In fact, 2020 was an outlier because security vendors saw their normal workflows disrupted by the COVID pandemic that year, possibly impacting their ability to discover and track zero-day attacks.

“We anticipate that the longer-term trendline for zero-day exploitation will continue to rise, with some fluctuation from year to year,” the Mandiant researchers said. “Attackers seek stealth and ease of exploitation, both of which zero-days can provide. While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded.”

From APTs to ransomware operators

Zero-day exploits have historically been a resource employed primarily by well-funded cyberespionage groups and commercial spyware vendors that sell their so-called surveillance software to government agencies. That’s because zero-day exploits are an expensive commodity with a short shelf-life. Once they’re detected in the wild, they’re quickly patched. This means to get the most out of them, threat groups use them in very targeted campaigns against a…

Source…