The Weaponization of Zero-day Exploits Becoming a New Favourite of Attackers
According to the data gathered by Google's Project Zero, threat actors have been steadily working on new zero-day vulnerabilities to target their victims.
- Within the first six months of 2020, a total of 11 new zero-day vulnerabilities that were being exploited in the wild have been disclosed.
- It is expected that by the end of 2020, this count will reach a total of 20, which is exactly the number of zero-day vulnerabilities found during 2019.
Why should we worry?
The identified zero-day vulnerabilities are associated with commonly used operating systems, web browsers, office productivity tools, and security products, which makes them exploitable against a large number of users.
- Five of the 11 vulnerabilities are associated with web browsers, including Firefox (3), Internet Explorer (1), and Chrome (1).
- Three vulnerabilities were related to Windows OS, while the other two vulnerabilities were related to Trend Micro's Apex One/OfficeScan.
- One vulnerability was related to Sophos XG Firewall.
Known threats in the wild
Attackers have already started exploiting these vulnerabilities in the wild.
- The Asnarök Trojan was seen exploiting the SQL injection vulnerability (CVE-2020-12271) in Sophos XG Firewall, which resulted in remote code execution on some of the firewall products in April 2020.
- An APT group dubbed Peninsula was seen exploiting the zero-day flaws in Firefox and Internet Explorer in attacks aimed at China and Japan.
A recent report by FireEye suggests that zero-days are leveraged mostly by financially motivated groups, followed by espionage groups of major cyber powers. The report also predicts that in the near future a greater number of threat actors will use zero-days, including the private vendors working on the development of offensive cyber weapons.