Written by Suzanne Smalley
Apr 22, 2022 | CYBERSCOOP
Mandiant said that its intelligence division has documented a surge in verified zero-day exploits over the course of the last year, with 2021 accounting for 40% of zero-day attacks undertaken in the last decade.
A zero-day vulnerability is a flaw in software or hardware which threat actors identify and exploit. Attackers then release malware before a developer can create a patch to address the vulnerability.
Mandiant Intelligence on Thursday identified 80 zero-days exploited “in the wild” — that is, in active use — in 2021, more than double the previous record volume set in 2019. Mandiant said it analyzed more than 200 zero-day vulnerabilities from 2012 to 2021.
Other organizations also have reported a sharp uptick in zero-day exploits in the past year. Researchers at Google’s Project Zero said Tuesday that they tracked 58 cases of zero-day exploits in the wild last year. Google said the number is largest they’ve found in a single year since Project Zero launched in mid-2014, attributing the figure in part to better detection.
Last year’s total from Project Zero is more than double the previous maximum of 28 in 2015. Only 25 such attacks