Mandiant reports spike in zero-day attacks in 2021

 


Threat analysts at Mandiant said they identified 80 zero-day vulnerabilities exploited in the wild in 2021, with most of the attacks conducted by state-backed hackers, specifically China-linked advanced persistent threat (APT) groups.

The report also notes that cyber criminals have been increasingly using zero-day bugs in their attacks, and nearly 1 in 3 identified actors exploiting zero-days in 2021 was financially motivated. Malicious actors exploited zero-day flaws in Microsoft, Apple, and Google products most frequently, likely reflecting the popularity of these vendors.

“We suggest that a number of factors contribute to growth in the quantity of zero-days exploited. For example, the continued move toward cloud hosting, mobile, and Internet-of-Things (IoT) technologies increases the volume and complexity of systems and devices connected to the internet—put simply, more software leads to more software flaws,” Mandiant said. “The expansion of the exploit broker marketplace also likely contributes to this growth, with more resources being shifted toward research and development of zero-days, both by private companies and researchers, as well as threat groups.”

As for the threat actors exploiting the bugs, Chinese hackers top the list with 8 zero-days, followed by Russian APTs (2 zero-days) and North Korean state-backed groups (1 zero-day vulnerability).

“While zero-day exploitation is expanding, malicious actors also continue to leverage known vulnerabilities, often soon after they have been disclosed. Therefore, security may be improved by continuing to incorporate lessons from past targeting and an understanding of the standard window between disclosure and exploitation,” the researchers said.

Last week, Google Project Zero released a report highlighting a dramatic surge in zero-day exploits detected in 2021.
