Security News > 2022 > April > Now Mandiant says 2021 was a record year for exploited zero-day security bugs

The number of zero-day vulnerabilities exploited in the wild reached an all-time high last year, according to Mandiant.

The security shop identified 80 such actively abused flaws in 2021, which Mandiant researcher James Sadowski noted is more than double the previous zero-day record from 2019.

Similar to Mandiant's 2020 analysis, in 2021 state-sponsored groups exploited the most zero-day security bugs, and once again Chinese cyber espionage groups racked up the largest number of zero-days: eight.

"We observed an increase in the number of nations likely exploiting zero-days, particularly over the last several years, and at least 10 separate countries likely exploited zero-days since 2012," Sadowski wrote.

Interestingly, Mandiant did not identify any zero-day exploits used by Russian GRU-sponsored APT28, also known as Fancy Bear, until they "Likely" exploited a Microsoft Excel zero-day late last year.

In total, the security researchers analyzed zero-day vulnerabilities from 12 vendors last year, and found Microsoft, Apple and Google products comprised 75 percent of the exploits in 2021.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/23/zeroday_exploits_2021/