back to article Now Mandiant says 2021 was a record year for exploited zero-day security bugs

The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant. The security shop identified 80 such actively abused flaws in 2021, which Mandiant researcher James Sadowski noted is more than double the previous zero-day record from 2019. This echoes another zero-day …

  1. HildyJ Silver badge
    Big Brother

    Maths?

    So out of the 80, we have China responsible for 8, Russia for 2, and 8 other countries responsible for 1 each (?) which totals 18. Financially motivated gangs are responsible for 1/3 or 27. This leaves 35 unaccounted for.

    The uncharitable assumption is that those were allocated among Five Eyes (and other Western allies) and Mandiant chose not to (or was not allowed to) identify them. But I'd really like to know if Mandiant has commented on the discrepancy.

    Still, the overall conclusion, which I will paraphrase as 'we're doomed', remains valid. Malware as a Service is going to continue to get more popular and probably cheaper.

    1. A random security guy

      Re: Maths?

      Not every exploit can be definitely attributable to a specific country.

  2. Mike 137 Silver badge

    "Zero day"

    Although catchy as a phrase, "zero day" means no more than that the bad folks found an exploitable vulnerability before the good folks did. Given the prevalence of exploitable vulnerabilities, they're nothing special - indeed they're inevitable. Exploiting them before they're recognised and fixed is also inevitable, given that the first finder has an advantage. Our problem as defenders is the increasing scale of the vulnerability space, making it ever harder to investigate the problem. And I expect that the bad folks have rather more (and possibly better organised) resources for finding the vulnerabilities, as there's potential for serious monetary returns for them.

    1. Robert Helpmann??
      Childcatcher

      Re: "Zero day"

      And I expect that the bad folks have rather more (and possibly better organised) resources for finding the vulnerabilities, as there's potential for serious monetary returns for them.

      It is important to keep in mind there are other motivations than money when it comes to hackers. These inform what the targets are and what methods are used.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022