• Uncategorised

Experts found a record number of zero-day hacks in 2021

Google has published the 2021 review of Project Zero, revealing a record amount of zero-days exploits (labeled as “one of the most advanced attack methods”) exhibited by some of the world’s largest technology companies. Project Zero is an initiative started by Google in 2014 aimed at detailing security defects known as zero-day exploits. These vulnerabilities are dangerous as they essentially remain undetected unless a mitigation system has been implemented, thus leaving systems, databases, and the like completely exposed to hackers.

Stock Depot/Getty Images

The end-of-year report for 2021 confirmed that 58 zero-day exploits were discovered.

That’s the highest amount detected since Project Zero’s inception — 2015 was the previous record holder with a total of 28 digital exploits. Comparatively, at the height of the pandemic that saw hackers intensify their efforts in malicious cybercrime activity, Google’s security team disclosed 25 security flaws during 2020. Google stressed that the record 58 zero-day exploits that were publicly detailed aren’t necessarily an indication of “increased usage of zero-day exploits.” On the contrary, the company ascribes it to the “increased detection and disclosure of these zero-days.”

“It’s highly likely that in 2021, there were other zero-days that were exploited in the wild and detected, but vendors did not mention this in their release notes.

In 2022, we hope that more vendors start noting when they patch vulnerabilities that have been exploited in the wild. Until we’re confident that all vendors are transparently disclosing in the wild status, there’s a big question of how many in the wild zero-days are discovered, but not labeled publicly by vendors.”

The report’s first zero-day exploit that was analyzed involved Google’s very own Chromium, which provides the open-source code for its Chrome browser. Chromium saw a record high 14 zero-day bugs.

Among the exploits were 10 remote code execution bugs, 2 sandbox escapes, and 1 infoleak. The final zero-day bug resulted in hackers attempting to open a webpage in Android-based apps instead of Chrome. Elsewhere, seven Android zero-days were identified — quite a big jump from the single exploit found in 2019, which incidentally was the only other discovery by the Project Zero team pertaining to Google’s mobile operating system.

Experts found a record number of zero-day hacks in 2021Digital Trends Graphic

Apple, iOS, MacOS, and Windows

Google also mentioned WebKit, which is Apple’s web browser engine that powers Safari.

According to Google, before 2021, Apple only revealed one public zero-day exploit that was designed to infiltrate WebKit/Safari. Even then, the disclosure materialized via a third-party researcher’s study. However, in 2021, there were seven zero-days associated with Apple’s web browser, four of which were involved Safari’s Javascript Engine component.

Breaking away from the technology giant’s previously secretive nature when it came to detailing 0-day exploits, “2021 was the first full year that Apple annotated their release notes with in the wild status of vulnerabilities.” To this end, five iOS zero-days were confirmed by Apple, while the first publicly discovered MacOS zero-day was uncovered as well. Apple places huge importance on its security measures for iOS and Mac-based systems.

After all, it gave a student £100,000 for hacking the latter. As for Microsoft, Google detailed 10 Windows zero-days that targeted seven separate elements, including Enhanced crypto provider (no surprise there, of course), NTOS kernel, and Win32k. “Windows is the platform where we’ve seen the most change in components targeted compared with previous years.

However, this shift has generally been in progress for a few years and predicted with the end-of-life of Windows 7 in 2020 and thus why it’s still not especially novel,” Google said. Windows 11 was also subjected to a zero-day hack after its launch. Microsoft, however, doesn’t pay as handsomely as Apple when it comes to bug discoveries in some cases: Payouts have apparently been reduced to £1,000 from £10,000.

Furthermore, during 2021, five zero-days connected to Microsoft Exchange Server were found. “This is the first time any Exchange Server in the wild zero-days have been detected and disclosed since we began tracking in the wild zero-days,” the report added.

Experts found a record number of zero-day hacks in 2021

Hackers stick to tried-and-tested methods

Within the report’s New Year, Old Techniques section, Google emphasized that despite the record number of “data points” in 2021 “to understand how attackers are actually using zero-day exploits,” it was actually surprised that it recognized all that data — “there was nothing new.”

“Zero-day exploits are considered one of the most advanced attack methods an actor can use, so it would be easy to conclude that attackers must be using special tricks and attack surfaces. But instead, the zero-days we saw in 2021 generally followed the same bug patterns, attack surfaces, and exploit “shapes” previously seen in public research.

About67% of the 58 zero-day exploits were memory corruption vulnerabilities. Google said this shouldn’t come as too much of a surprise when you consider the fact that this specific category is the go-to method for finding a way into software “for the last few decades,” and it’s largely the reason attackers continue to successfully gain access to its targets.

Google capped its report with a statement on the impact of zero-day exploits and the consequences of a successful attack.

“While the majority of people on the planet do not need to worry about their own personal risk of being targeted with zero-days, zero-day exploitation still affects us all.

These zero-days tend to have an outsized impact on society, so we need to continue doing whatever we can to make it harder for attackers to be successful in these attacks.

2021 showed us we’re on the right track and making progress, but there’s plenty more to be done to make zero-day hard.”

With the world becoming more digital and technology-driven than ever before, cybercriminals are making billions of dollars by exploiting individuals.

With an increase in cyber crime across the board, nearly £7 billion was stolen from people last year, which is largely attributed to certain crime types such as personal data breach (clean up your passwords) and ransomware.

Editors’ Recommendations

Tags:

asics-clearance listed on couponmatrix.ukcurrys-partmaster listed on couponmatrix.ukparis-pass listed on couponmatrix.ukslug-and-lettuce listed on couponmatrix.ukso-sure listed on couponmatrix.ukworkwear-express listed on couponmatrix.uk
asics-clearance listed on couponmatrix.ukFounded in 1949, ASICS is dedicated to nurturing both athletes and sport's enthusiasts alike with intelligently-designed sports shoes and apparel. Whether you're a keen jogger, gym king, tennis pro or simply enjoy a light stroll in the park, ASICS Oulet has a range of fitness gear to suit your goals and needs. Upgrade your kit for less with an ASICS Clearance discount code and boost your performance without breaking the bank. With ranges for men, women and children, everyone can stay stylish while staying active.
currys-partmaster listed on couponmatrix.ukWith more than one million parts and accessories in stock for your convenience, Partmaster is the UK’s leading supplier of electronic spares. If your home appliance, computer or gadget is in need of repair, don't fork out for a replacement - make the most of a Partmaster discount code to save on affordable parts to get you back up and running.
paris-pass listed on couponmatrix.ukThe bustling Champs--Élysées, the Seine sparkling in the moonlight, coffee and delectable pastries on a cobbled street. A getaway to Paris can be a magical experience, where you can encounter some of the most beautiful architecture and museums in the world. With so much to see and do, make the most of your time in the City of Lights with our fantastic discount codes for Paris Pass. Forget waiting in long lines and spending hours online trying to buy tickets for separate museums. With Paris Pass you will be get Fast Track entry to some of the most popular sites in Paris.
slug-and-lettuce listed on couponmatrix.ukFrom cocktails with the girls to blissful weekend brunches, the Slug & Lettuce is your go-to for a good time. Discover tasty treats and to die for drinks for less with a Slug & Lettuce voucher from us - it’s the perfect excuse for a glass of bubbles (or three)! With gorgeous venues dotted all around the country, you’re sure to find one in your neighbourhood. Reserve a table today or check out upcoming events - at the Slug & Lettuce, there’s always something going on.
so-sure listed on couponmatrix.ukChoose SO-SURE for insurance that’s a win-win. Get covered in minutes for phone and contents insurance, covering everything from laptops and appliances to the food in your freezer! SO-SURE’s quick and easy service makes it easy to sign-up, and even easier to make a claim if the unexpected happens. With a SO SURE promo code from us, you can save on peace of mind and insurance policies that work for you.
workwear-express listed on couponmatrix.ukWhatever your job might be or workwear you need, you can rely on Workwear Express to get you kitted out from top to toe. At Workwear Express you’ll find a packed catalogue of clothing, footwear and accessory options, suitable for every type of workwear sector. With 25 years in the business and counting, Workwear Express is truly valued by a whole host of consumers and business customers who all trust in the expert logo printing and personalisation service. So why not use your workwear express voucher code to go pro and invest in quality products for yourself and your team with Workwear Express.