The Weaponization of Zero-day Exploits Becoming a New Favourite of Attackers | Cyware Alerts


According to the data gathered by Google’s Project Zero, threat actors have been steadily working on new zero-day vulnerabilities to target their victims.
  • Within the first six months of 2020, a total of 11 new zero-day vulnerabilities have been disclosed, that were being exploited in the wild.
  • It is expected that by the end of 2020, this count will reach a total of 20, which is exactly the number of zero-day vulnerabilities found during the year 2019 as well.

Why should we worry?

The identified zero-day vulnerabilities are associated with commonly used operating systems, web browsers, office productivity tools, and security products, making them common exploitable threats against a large number of users.

  • Five of the 11 vulnerabilities are associated with web browsers, including Firefox (3), Internet Explorer (1), and Chrome (1).
  • Three vulnerabilities were related to Windows OS, while the other two vulnerabilities were related to TrendMicro’s Apex One/OfficeScan.
  • One vulnerability was related to Sophos XG Firewall.

Known threats in the wild

Attackers have already started exploiting these vulnerabilities in the wild.

  • Asnarök Trojan was seen exploiting the SQL injection vulnerability (CVE 2020-12271) in Sophos XG Firewall, which had resulted in remote code execution on some of the firewall products in April 2020.
  • An APT group dubbed Peninsula was seen exploiting the zero-day flaws in Firefox and Internet Explorer in attacks aimed at China and Japan.

Motivated hackers

A recent report by FireEye suggests that the zero-days are leveraged mostly by financially motivated groups, followed by espionage groups of major cyber powers. The report also predicts that in the near future, a greater number of threat actors are expected to use zero-days, including the private vendors working on the development of offensive cyber weapons.



Source link

Recent articles

Mobileye, Geely to Offer Most Robust Driver-Assistance Features

Chinese automaker Geely Auto Group unveiled its premium electric vehicle, the Zero Concept from Lynk & Co,...

Japan and S Korea need to repair ties, cooperate on N Korea: PM | Japan

Yoshihide Suga says it is time to mend frayed ties in call with South Korea’s President Moon Jae-in.Japan and South Korea must cooperate...

Metal Gear Solid PS5 Remake in the Works as Console Exclusive

Remember when everyone was frantically trying to guess what remake Bluepoint set to work on after they finished Shadow of the Colossus? The...

How canceled student-loan and mortgage debts could affect your taxes in the COVID-19 era

In this COVID-19 ravaged economy, debts can pile up beyond a borrower’s ability to repay. However, lenders are sometimes willing to forgive (cancel)...

‘Brain-Boosting’ Supplements Are Full of Unapproved, Untested Drugs, Study Finds

Image: Gizmodo/Stem Cell Research via Getty Images (Getty Images)Supplements that supposedly improve brain health and functioning, known as...

Chief Executive of Embattled Alaskan Mine Project Resigns

The chief executive of the partnership developing the Pebble Mine in Alaska resigned on Wednesday over comments made in meetings recorded by an...

Leave a reply

Please enter your comment!
Please enter your name here