By Economy Middle East
May 27, 2022 12:32 pm

Zero-Day exploitation at an all-time high

80 zero-days were exploited in 2021

Zero-day exploitation reached an all-time high in 2021, according to a report commissioned by American cybersecurity firm Mandiant. 

A zero-day is one of the most dangerous software vulnerabilities that can be found, as such vulnerabilities are exploited to carry out zero-day attacks. The danger of a zero-day attack is that it leaves developers no opportunity to plug or fix the vulnerability.

The report reveals that zero-day exploitation increased from 2012 to 2021, and the annual number is expected to grow in the future.

The study shows that several factors contribute to growth in the number of zero-days exploited, for example the continued move toward cloud hosting, mobile, and Internet-of-Things (IoT) technologies, and increases in the volume and complexity of systems and devices connected to the internet.

According to the report, 80 zero-days were exploited in 2021, which is more than double the previous record volume in 2019. 

Additionally, the expansion of the exploit broker marketplace also likely contributed to this growth, with more resources being shifted toward research and development of zero-days, both by private companies and researchers, as well as threat groups.

Moreover, enhanced defenses also likely allow defenders to detect more zero-day exploitation now than in previous years, and more organizations have tightened security protocols to reduce compromises through other vectors.

On the other hand, the analysis highlighted that state-sponsored espionage groups continue to be the primary actors exploiting zero-day vulnerabilities, although the proportion of financially motivated actors deploying zero-day exploits is growing.

From 2014 to 2018, Mandiant observed only a small proportion of financially motivated actors exploit zero-day vulnerabilities, but by 2021, roughly one-third of all identified actors exploiting zero-days were financially motivated. We also noted new threat clusters exploit zero-days but do not yet have sufficient information about some of these clusters to assess motivation.