This year there have been more zero-day hacking attacks worldwide than ever before. An MIT Technology Review report, based on data gathered from multiple sources, said that at least 66 zero-days were used in 2021, almost double last year's number. It blamed government-sponsored hackers for the rapid rise in such attacks. Although such attacks have increased, several cybersecurity experts have said that there is more to the story than its negative side. As the attacks increased, so did the ability to detect or stop them before they could cause great damage.
The term “zero-day” describes recently discovered vulnerabilities that hackers can use to attack computer systems. It refers to the fact that the developer has only just found out about the bug, which means they have “zero days” to fix it. A zero-day attack therefore takes place before the developer learns about the error.
The report said the rapid proliferation of hacking tools may have contributed to the higher rate of reported zero-days. Jared Semrau, Director of Vulnerability and Exploitation at the American cybersecurity firm FireEye Mandiant, said China is suspected of being responsible for nine zero-days this year. And some other countries that do not have the infrastructure or the talent to run such espionage initiatives themselves are buying them from others. Semrau added, “A third of the zero days you’ve been following recently can be blamed on financially motivated actors.”
But that surge in zero-day hacking attacks isn’t necessarily a bad thing. The report said none of the experts it spoke to believed the number of attacks had more than doubled in such a short period of time. That could mean the defenders are getting better at their jobs.
Mark Dowd, founder of Azimuth Security, said defenders are now detecting complex hacks, which shows their increasing ability to detect sophisticated attacks.