Google zero-day hacks hit record in 2021, researchers say

After a year dominated by high-profile ransomware attacks, researchers from Google have identified another ignominious cyber milepost for 2021: a record number of “zero-day” exploits.

By:BLOOMBERG
| Updated on: Aug 22 2022, 11:41 IST
Google
A zero-day exploit is a previously unknown bug which leaves software vendors exactly zero days to secure it. (REUTERS)

After a year dominated by high-profile ransomware attacks and supply chain compromises, researchers from Alphabet Inc.'s Google have identified another ignominious cyber milepost for 2021: a record number of “zero-day” exploits.

A zero-day exploit is a previously unknown bug which leaves software vendors exactly zero days to secure it. That makes the technology in question particularly valuable to hackers -- and a nightmare for cybersecurity professionals.

You may be interested in

MobilesTablets Laptops
25% OFF
Google Pixel 128GB
  • Black
  • 4 GB RAM
  • 128 GB Storage
38% OFF
Google Pixel 7 Pro 5G
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
7% OFF
Google Pixel 7A
  • Charcoal
  • 8 GB RAM
  • 128 GB Storage
7% OFF
Google Pixel 7 5G
  • Obsidian
  • 8 GB RAM
  • 128 GB Storage

Hackers exploited a total of 58 zero-day flaws impacting major software providers in 2021, according to a report published Tuesday by Google's Project Zero, a team of elite bug hunters. That compares to 25 flaws in 2020 and 21 in 2019.

Also read
Looking for a smartphone? To check mobile finder click here.

It's the highest number of zero-days ever recorded by Project Zero since tracking began in 2014. The trend could be due to an improvement in detection from the likes of Microsoft Corp., Apple Inc. and Google, who now disclose their findings around zero-day issues, rather than a rise in hacks, Maddie Stone, a security researcher at Project zero, said in a blog post about the findings. 

In recent years, hackers have used the attack technique to install advanced spyware on smartphones that was then used to spy on journalists, politicians, human rights activists and others. Suspected Chinese state-sponsored hackers, meanwhile, exploited such flaws last year to compromise Microsoft Exchange servers.

Google's Stone said there were some surprises among the data. Despite the recent focus on spyware being misused, cybersecurity researchers are still struggling to find zero-days that allow hackers to take control of targets' phones. 

”We know that messaging applications like WhatsApp, Signal, Telegram, etc are targets of interest to attackers and yet there's only one messaging app, in this case iMessage, zero-day found this past year,” she wrote. The team has uncovered two such flaw since 2014, including an issue in WhatsApp in 2019 and a flaw in iMessage in 2021. 

Stone said the “majority of people on the planet” don't have to fear being at risk of being targeted by a zero-day attack. Still, she said such attacks end up having a broad impact.

“These zero-days tend to have an outsized impact on society so we need to continue doing whatever we can to make it harder for attackers to be successful.”

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 20 Apr, 22:49 IST
Tags:
NEXT ARTICLE BEGINS