Google security researchers who are part of the company’s elite Project Zero team have reported a record number of zero-display exploits detected in 2021: 58 exploits compared to 25 in the previous year.
The term ‘zero-day’ refers to a previously unidentified vulnerability in a system that is unknown to the developers that created it. A zero-day attack is when hackers take advantage of this vulnerability to gain unauthorised access into the system. Here, the word system can refer to a software, a device, or a network.
While the increase in zero-day exploits reported by the team at google may make it sound like more developers have begun unintentionally creating more vulnerabilities in their systems, that is not necessarily the case.
The number that the researchers are referring to is not the true number of zero-day exploits that have been used, rather, it refers to the number of zero-day exploits that have been detected by the team. Because of that, there is a different explanation for the uptick: the detection and disclosure of zero-day exploits has gotten better.
Project Zero engineers had earlier spoken about the “detection deficit” in their 2019 Year in Review, “As a community, our ability to detect 0-days being used in the wild is severely lacking to the point that we can’t draw significant conclusions due to the lack of (and biases in) the data we have collected.”
This better detection of zero-day exploits is actually a positive indicator, leading the researchers to conclude that there has been significant progress in bridging this gap.
The second reason for the uptick in numbers is that more organisations are disclosing the vulnerabilities that they detect, according to Project Zero researchers.
Despite the record number of ‘in-the-wild’ zero-day attacks last year, Project Zero researchers report that attacker methodology has not actually changed much from previous years. Attackers have been successful using the same bug patterns and exploitation techniques, without having to invest in novel techniques.