Zero-day exploits remain the most attractive attack vector for cybercriminals. This is made evident by yearly reports from Google Project Zero and security specialist Mandiant.

The yearly reports of Google Project Zero and Mandiant try to answer why zero-day attacks are so interesting for cybercriminals. Both reports conclude that the number of zero-day threats has continued to increase in recent years. Project Zero by Google identified 58 zero-day attacks; Mandiant saw 80.

More volume

Zero-day vulnerabilities are vulnerabilities that haven’t been disclosed to the public. As soon as a zero-day vulnerability is found and shared among cybercriminals, incidents take place en masse. According to Project Zero, more and more zero-day exploits are being discovered. The researchers indicate that hacking software is increasingly focussed on finding zero-day vulnerabilities.

Researches from Mandiant point out an increase in the number of zero-day exploits as well. According to Mandiant, cybercriminals focussing on zero-day vulnerabilities are becoming more diverse. In the past, zero-day vulnerabilities were primarily pursued by state-sponsored actors. Mandiant says that that’s no longer the case.

Solving vulnerabilities

According to Project Zero, the responsibility for preventing zero-day attacks lies with software developers. Many of the zero-day vulnerabilities found in 2021 could easily have been prevented. Specialists urge organizations and developers to embrace testing software and integrate security in the development pipeline.

Tip: Google sees increase of zero-day vulnerabilities in internet browsers