Half of Zero-Day Bugs Observed in 2022 Were Variants of Old Ones, Google Project Zero Reveals
Half of the zero-day vulnerabilities recorded in the first half of 2022 were variants of previously known bugs, and could have been prevented had the vendors of the affected products fixed the original bugs properly, according to the latest research.
The finding comes from Google Project Zero (GPZ), a Google security research team that hunts for vulnerabilities and tracks those exploited in the wild. A “zero day” is a vulnerability that attackers exploit before the vendor has released a fix, so the vendor has had zero days to respond. Zero days are among the most dangerous vulnerabilities for exactly this reason: when exploitation begins, there is no patch for defenders to apply.
According to GPZ’s count, 18 zero days were detected being exploited in the wild in the first half of 2022, and nine of them were closely related variants of bugs that had already been patched.
“At least half of the zero days we saw in the first six months of 2022 could have been avoided with more comprehensive remediation and regression testing. On top of that, four of the 2022 zero days are variants of 2021 zero days. Just 12 months after the original zero day was patched, attackers came back with a variant of the original bug,” GPZ’s Maddie Stone said in an update posted on the team’s official blog.
While the vendors affected by these zero days are based all over the world, Indian users make up a large part of their customer base. The affected products include operating systems, browsers and other widely deployed software.
Of the nine zero days that GPZ classed as variants of earlier bugs, three were in Windows, the most widely used desktop operating system. Among them is the widely reported Follina vulnerability (CVE-2022-30190), a variant of CVE-2021-40444, which attackers had exploited in 2021; Follina itself was only officially acknowledged by Microsoft earlier this year. India is among the countries in which attackers have reportedly exploited Follina.
GPZ’s write-up lists each 2022 zero day alongside the earlier bug it derives from, with the CVE identifier of both the old and the new issue. In each case GPZ found that the earlier fix had addressed only the specific trigger that had been observed, not the underlying root cause. Because the root cause remained reachable, attackers did not need to find a new bug: they adjusted their existing exploit to take a slightly different path to the same flaw. The lesson for vendors is to ask, for every fix, what the root cause is and whether the same pattern exists elsewhere in the code base, and to ship a regression test for the whole class of input rather than for the one sample that was caught.
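The pattern GPZ describes, a patch that blocks the one trigger seen in the wild while leaving the root cause in place, is easy to reproduce on a toy. The following example is added here for illustration; it is not code from GPZ’s report and is not modelled on any of the nine real bugs. It invents a length-prefixed record format with a fixed-size destination buffer (`RECORD_SIZE`), three versions of the parser (`parse_record_v0` original, `parse_record_v1` symptom-only patch, `parse_record_v2` root-cause fix) and a boundary sweep standing in for the regression test the report calls for. The Python list stands in for a C array: writing past its end raises an `IndexError` where C would silently corrupt memory.

```python
"""Toy model of a symptom-only patch versus a root-cause fix (constructed example)."""
import struct

RECORD_SIZE = 64           # fixed-size destination, stands in for a C buffer
SEEN_IN_THE_WILD = 0xFFFF  # the one length value the captured exploit happened to use


def _copy_into_fixed_buffer(payload: bytes) -> bytes:
    # A Python list models a fixed C array: writing past the end raises
    # IndexError here, where C would silently corrupt adjacent memory.
    buf = [0] * RECORD_SIZE
    for i, b in enumerate(payload):
        buf[i] = b
    return bytes(buf)


def parse_record_v0(data: bytes) -> bytes:
    """Original code: trusts the attacker-controlled 2-byte length prefix."""
    (length,) = struct.unpack_from(">H", data, 0)
    return _copy_into_fixed_buffer(data[2:2 + length])


def parse_record_v1(data: bytes) -> bytes:
    """Symptom patch: rejects exactly the length the in-the-wild sample used.

    Any other length above RECORD_SIZE still overflows, so an attacker only
    has to change one constant in the existing exploit.
    """
    (length,) = struct.unpack_from(">H", data, 0)
    if length == SEEN_IN_THE_WILD:
        raise ValueError("known-bad length")
    return _copy_into_fixed_buffer(data[2:2 + length])


def parse_record_v2(data: bytes) -> bytes:
    """Root-cause fix: the length may never exceed the destination or the input."""
    (length,) = struct.unpack_from(">H", data, 0)
    if length > RECORD_SIZE:
        raise ValueError("record too long")
    if 2 + length > len(data):
        raise ValueError("truncated record")
    return _copy_into_fixed_buffer(data[2:2 + length])


def make_record(length: int, fill: bytes = b"A") -> bytes:
    """Constructed input: a 2-byte length prefix followed by exactly `length` payload bytes."""
    return struct.pack(">H", length) + fill * length


def overflows(parser, data: bytes) -> bool:
    """True if the parser writes past the fixed buffer (the memory-safety failure)."""
    try:
        parser(data)
    except IndexError:
        return True
    except ValueError:
        return False   # input rejected cleanly: no overflow
    return False


# Regression sweep: every length around the buffer boundary plus the
# 16-bit extremes, not only the one value the exploit used.
SWEEP_LENGTHS = list(range(0, 2 * RECORD_SIZE + 1)) + [0x7FFF, 0x8000, 0xFFFE, 0xFFFF]


def regression_sweep(parser) -> list:
    """Lengths from SWEEP_LENGTHS for which the parser still overflows."""
    return [n for n in SWEEP_LENGTHS if overflows(parser, make_record(n))]


if __name__ == "__main__":
    for name, parser in (("v0 original", parse_record_v0),
                         ("v1 symptom patch", parse_record_v1),
                         ("v2 root-cause fix", parse_record_v2)):
        print(f"{name:18} overflowing lengths in sweep: {len(regression_sweep(parser))}")
```

Run against the sweep, `v1` blocks the captured sample and nothing else: `0xFFFE`, or any length from 65 upwards, is the “variant” an attacker would try next. Only `v2`, which constrains the length against the buffer and the input size, passes the whole sweep, and that sweep is what should be committed alongside the fix so a later refactor cannot quietly reintroduce the bug.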
“When zero-day exploits are detected in the wild, that’s the failing case for an attacker. It is a gift for us as security advocates to learn as much as possible and take action to ensure that this vector can no longer be used. The goal is to force attackers to start from scratch each time we detect one of their exploits: they are forced to discover a whole new vulnerability, they have to invest time in learning and analyzing a new attack surface, and they must develop a whole new method of exploitation. To do this effectively, we need proper and comprehensive patches,” Stone wrote in her post.