Now Mandiant says 2021 was a record year for exploited zero-day security bugs The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant. The security shop identified 80 such actively abused flaws in 2021, which Mandiant researcher James Sadowski noted is more than double the previous zero-day record from 2019. This echoes another zero-day …
So out of the 80, we have China responsible for 8, Russia for 2, and 8 other countries responsible for 1 each (?) which totals 18. Financially motivated gangs are responsible for 1/3 or 27. This leaves 35 unaccounted for.
The uncharitable assumption is that those were allocated among Five Eyes (and other Western allies) and Mandiant chose not to (or was not allowed to) identify them. But I'd really like to know if Mandiant has commented on the discrepancy.
Still, the overall conclusion, which I will paraphrase as 'we're doomed', remains valid. Malware as a Service is going to continue to get more popular and probably cheaper.
Although catchy as a phrase, "zero day" means no more than that the bad folks found an exploitable vulnerability before the good folks did. Given the prevalence of exploitable vulnerabilities, they're nothing special - indeed they're inevitable. Exploiting them before they're recognised and fixed is also inevitable, given that the first finder has an advantage. Our problem as defenders is the increasing scale of the vulnerability space, making it ever harder to investigate the problem. And I expect that the bad folks have rather more (and possibly better organised) resources for finding the vulnerabilities, as there's potential for serious monetary returns for them.
And I expect that the bad folks have rather more (and possibly better organised) resources for finding the vulnerabilities, as there's potential for serious monetary returns for them.
It is important to keep in mind there are other motivations than money when it comes to hackers. These inform what the targets are and what methods are used.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
