Hackers are being caught exploiting new bugs more than ever

- Advertisement -


Previously unknown”zero day“Software vulnerabilities are mysterious and intriguing in their own right. But they are even more remarkable when hackers are seen actively exploiting new software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to discover and study more of this exploitation, they are seeing it more and more. Two reports this week from a threat intelligence firm Mandiant and the Google Bug Team, Project zerotry to give an idea of ​​how much zero-day exploitation has grown in recent years.

- Advertisement -

Mandiant and Project Zero have different capabilities for the zero day types they track. Project Zero, for example, does not currently focus on analyzing flaws in IoT devices that are being exploited in the wild. As a result, the absolute numbers in the two reports cannot be directly compared, but both teams tracked a record high number of exploited zero days in 2021. Mandiant tracked 80 last year, up from 30 in 2020, and Project Zero tracked 58 in 2021, up from 25 a year earlier. However, the key question for both teams is how to put their results into context, given that no one can see the full scale of this clandestine activity.

- Advertisement -

“We started seeing a surge in early 2021 and a lot of the questions I got throughout the year were, ‘What the hell is going on?’ says Maddie Stone, security researcher at Project Zero. “My first reaction was, ‘Oh my God, there are so many. But when I took a step back and looked at it in the context of previous years to see such a big jump, this growth is actually most likely due to increased discovery, transparency and public awareness of zero days.”

Before a software vulnerability is publicly announced, it is called “zero daybecause there were no days for the software maker to develop and release a fix, and zero days for defenders to start tracking down the vulnerability. In turn, the hacking tools that attackers use to exploit such vulnerabilities are known as zero-day exploits. Once a bug is known, a fix may not be released immediately (or never), but attackers are notified that their activities may be detected or the hole closed at any time. As a result, zero days are highly desirable and they big business for both criminals and government-backed hackers who want to mass campaigns and adapted, individual targeting.

- Advertisement -

Zero-day vulnerabilities and exploits are generally considered unusual and rare hacking tools, but governments have repeatedly demonstrated store zero days, and enhanced detection showed how often attackers use them. Over the past three years, tech giants such as Microsoft, Google, and Apple have begun standardizing the practice of marking when they discover and fix a vulnerability that was in use before a patch was released.

While awareness and detection efforts have increased, James Sadowsky, a researcher at Mandiant, stresses that he is indeed seeing evidence of landscape change.

“Definitely more zero days are being used than ever before,” he says. “The total count last year for 2021 has risen sharply, and several factors have likely contributed to this, including the industry’s ability to detect this. But since 2012, there has also been a proliferation of these opportunities,” the year referenced in the Mandiant report. “There has been a significant increase in volume as well as an increase in the number of groups using day zero,” he says.

If zero days were once the preserve of elite government-backed hacker groups, Sadowski says, they are now democratized. Financially motivated digital crime groups, some of which employ highly skilled hackers, have now also been seen using zero days, sometimes for both traditional financial scams and other attacks such as ransomware. And the appearance of the so-calledexploit brokers”, an industry that sells information about zero days and, as a rule, the corresponding exploit, has allowed anyone with enough money to use zero days for their own purposes.

For all types of actors, many hacks still involve exploiting vulnerabilities that have long been public knowledge but have not been consistently patched. Zero days are still less common. But by keeping track of which zero days have already been actively used, advocates can prioritize the rollout of specific patches and mitigations in the endless stream of updates that need to be done.

The Project Zero stone also highlights that while it is difficult to get a full understanding of the scope and context of exploitation of zero-day vulnerabilities, examining those that have been discovered helps shed light on how software developers and cybersecurity professionals can better protect products in the future. . Her research found, for example, that many of the zero days used in the wild in 2021 “were nothing special,” as she puts it. This means that when companies fix a vulnerability or write new code, they can better search for known classes of vulnerabilities and override classic attack paths, leaving attackers with fewer simple bugs to find and exploit.

“When we look at all these vulnerabilities, they are very similar to previous vulnerabilities that people have seen before and are publicly discussed in studies,” says Stone. “And that’s not what we want. We want attackers to have to come up with an entirely new vulnerability, all new things from start to finish, rather than look at code patterns or copy and paste. The hope is to keep raising that bar.”

While the security industry is trying to figure out how to do this, attackers are constantly creating new incidents to analyze in 2022.


More Great WIRED Stories

.


Credit: www.wired.com /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox