Google: Record Year for Zero Days in 2021

Written by

Last year saw the highest number of zero-day exploits since Google began tracking them, but the increase is likely the result of improved detection and disclosure rather than elevated criminal activity.

The tech giant’s Project Zero team tracked 58 such exploits in 2021, more than double the previous maximum of 28 detected in 2015 and last year’s haul of 25.

However, this is not necessarily a reflection of more zero-day exploits being used by threat actors but of researchers and vendors doing a better job of finding and disclosing them, according to Project Zero security researcher Maddie Stone.

“With this record number of in-the-wild zero days to analyze we saw that attacker methodology hasn’t actually had to change much from previous years. Attackers are having success using the same bug patterns and exploitation techniques and going after the same attack surfaces,” she continued.

“When we look over these 58 zero days used in 2021, what we see instead are zero days that are similar to previous and publicly known vulnerabilities. Only two zero days stood out as novel: one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox.”

This represents an opportunity for defenders, she argued. However, vendors can make things even harder for threat actors by agreeing to publicly disclose whenever it appears a product is being exploited in the wild, Stone added.

Exploit samples or detailed technical descriptions should also be shared more widely by vendors and researchers, and there should be a bigger effort to minimize the number and impact of memory corruption bugs, she said.

“The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, they must develop a brand new exploitation method,” Stone concluded.

“While we made distinct progress in detection and disclosure it has shown us areas where that can continue to improve.”

What’s hot on Infosecurity Magazine?