The Weaponization of Zero-day Exploits Becoming a New Favourite of Attackers

According to the data gathered by Google's Project Zero, threat actors have been steadily working on new zero-day vulnerabilities to target their victims.
  • Within the first six months of 2020, a total of 11 new zero-day vulnerabilities were disclosed that were being exploited in the wild.
  • It is expected that by the end of 2020, this count will reach a total of 20, which is exactly the number of zero-day vulnerabilities found during the year 2019 as well.

Why should we worry?

The identified zero-day vulnerabilities are associated with commonly used operating systems, web browsers, office productivity tools, and security products, making them common exploitable threats against a large number of users.
  • Five of the 11 vulnerabilities are associated with web browsers, including Firefox (3), Internet Explorer (1), and Chrome (1).
  • Three vulnerabilities were related to Windows OS, while the other two were related to Trend Micro’s Apex One/OfficeScan.
  • One vulnerability was related to Sophos XG Firewall.

Known threats in the wild

Attackers have already started exploiting these vulnerabilities in the wild.
  • The Asnarök Trojan was seen exploiting the SQL injection vulnerability (CVE-2020-12271) in Sophos XG Firewall, which resulted in remote code execution on some of the firewall products in April 2020.
  • An APT group dubbed Peninsula was seen exploiting the zero-day flaws in Firefox and Internet Explorer in attacks aimed at China and Japan.

Motivated hackers

A recent report by FireEye suggests that zero-days are leveraged mostly by financially motivated groups, followed by espionage groups of major cyber powers. The report also predicts that in the near future a greater number of threat actors are expected to use zero-days, including private vendors working on the development of offensive cyber weapons.