MIT Technology Review released an article by Patrick Howell O’Neill claiming that in 2021 there has been a record-breaking number of Zero-day exploits. Zero-day exploits is way to launch a cyberattack by using an unknown vulnerability. Carrying a price of around $1 million per attack on the open market, these exploits are very valuable to hackers.
In 2021 there have been at least 66 zero-days discovered, which is almost double the previous year, and more than any year previously recorded.
So, what is a Zero-day vulnerability?
Zero-day vulnerability, or sometimes written as “0Day” is a security flaw in an internet-connected device or software that is known to the vendor but has no patch in place to fix the flaw. The time that passes between the discovery of the flaw and the implementation of a patch is a sweet spot for hackers. In an article by Dave Wallen, he likens this incident to “. . . a thief sneaking in through a backdoor that was accidentally left unlocked”. These types of attacks are not easily found, and it can often take time for the vendors to discover that their system was vulnerable.
Who are the victims of a Zero-day Attack?
Zero-day attacks are often reserved for high value targets, such as financial and medical institutions. These attacks cause businesses to lose revenue and reputation without ever knowing the real reason for it.
What does this increase in the number of attacks tell us?
According to the VP of Cloud Security at Microsoft, the increase we are seeing can either be a negative fact or a positive one. To further explain, there are factors in play that could show either an increase of actual attacks or just an increase in attacks found.
In recent years, there have been a plethora of hacking tools that have infiltrated the scene, as well as a large increase of powerful groups that are pouring large amounts of cash into these exploits to use for themselves. China is considered one of these groups and is thought to be responsible for at least 9 of the attacks reported in 2021.
On the other hand, Cyberdefenders are sharpening their skills. The increase in reported attacks could also mean that it’s not really an increase in attacks, but more so that experts are getting better at finding them. Two components that professionals use to track these events are increased funds for defense, and continual improvement of security tools.
What are we doing at Limetree Labs to help protect you, the customer?
Our Director of IT, Chadd Mazac, explains it best:
“Here at Limetree Labs, we utilize our computer management system to check for vulnerabilities on a daily basis, and then automatically deploy fixes to all customers if a vulnerability is spotted.”
For all our customers fixes are deployed automatically, and for those with our Security Bundle the tools included implement the patches even faster, decreasing the amount of time the vulnerability is left open to hackers.
If you are not currently on our Security Bundle and would like to know more about how to better protect yourself and your company from malicious cyberattacks, reach out to us today!
