Zero-day vulnerabilities are unknown software flaws. Until they’re identified and fixed, they can be exploited by attackers. Google’s Threat Analy

How we protect users from 0-day attacks

submited by
Style Pass
2021-07-15 02:30:03

Zero-day vulnerabilities are unknown software flaws. Until they’re identified and fixed, they can be exploited by attackers. Google’s Threat Analysis Group (TAG) actively works to detect hacking attempts and influence operations to protect users from digital attacks, this includes hunting for these types of vulnerabilities because they can be particularly dangerous when exploited and have a high rate of success.

In this blog, we’re sharing details about four in-the-wild 0-day campaigns targeting four separate vulnerabilities we’ve discovered so far this year: 

The four exploits were used as a part of three different campaigns. As is our policy, after discovering these 0-days, we quickly reported to the vendor and patches were released to users to protect them from these attacks. We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors. Google has also published root cause analyses (RCAs) on each of the 0-days.

In addition to the technical details, we’ll also provide our take on the large uptick of in-the-wild 0-day attacks the industry is seeing this year. Halfway into 2021, there have been 33 0-day exploits used in attacks that have been publicly disclosed this year — 11 more than the total number from 2020. While there is an increase in the number of 0-day exploits being used, we believe greater detection and disclosure efforts are also contributing to the upward trend.

Leave a Comment