Zero-day exploits rising: When cyberattacks are speedy and sneaky


Zero-day exploits can happen in the blink of an eye, and they're becoming more common than ever.
    • Author: Quantumrun Foresight
    • November 24, 2021

    As zero-day exploits become more common and subtle, software developers scramble to catch them before they cause chaos.

    Zero-day exploits rising context

    Zero-day exploits are cyberattacks that exploit previously unknown vulnerabilities in software before companies can release a patch to fix them. In spite of current (2021) software testing paradigms, even companies with the largest development budgets can sometimes release software that contains bugs or vulnerabilities; unfortunately, hackers are getting better at spotting flaws in software and systems (and even hardware) faster than before. Thus, tech firms have "zero days" to prevent these attacks because cybercriminals have already infiltrated the system and gotten away with the data.

    What makes zero-day exploits dangerous is that significant damage and/or data theft can happen long before such exploits are discovered and ultimately fixed. Email accounts could have already been harvested, and malware could have already been introduced into systems. This is why developers need to ensure that software and hardware are thoroughly tested and cybersecurity is strong before releasing new products into the market.

    Disruptive impact

    Google's Project Zero research found that there was a surge of zero-day exploits in 2021 compared with previous years. However, these exploits are also becoming less impactful as cybersecurity systems have improved. Still, there have been some alarming incidents.

    Google reported that hackers exploited two Chrome zero-day flaws in February and June 2021, where links were sent to targeted emails in Armenia. The attack stole data on the users' systems, including details about OS, CPU, and plugins to determine if users' systems were worth exploiting any further. Meanwhile, in May 2021, Russian cybercriminals exploited a zero-day flaw in WebKit—the engine used in the Safari browser—to target European governments and non-government organizations (NGOs).

    Cybersecurity experts think that this is just the beginning as mobile apps continue to flood the market, creating more opportunities for zero-day flaws to emerge. Some hacker groups are even clients of vendors that offer advanced tools against cybercrimes.

    Wider implications of zero-day exploits rising

    The wider implications of this emerging cybersecurity trend may include:

    • Cybersecurity providers increasingly using zero-day exploit data to understand where the software and hardware flaws are coming from and how to prevent them in future software releases.
    • Mobile app developers investing more heavily in cybersecurity before releasing their apps in the digital ecosystem.
    • The increasing use of specialized AI testing systems to test for zero-day exploits before companies release new software and hardware products into the market.

    Questions to comment on

    • How do you think the cybersecurity industry might evolve to defend against zero-day exploits?
    • Do you think such zero-day exploits are doomed to become a thing of the past as modern cybersecurity practices and software become more widespread?
