More Attackers Have Begun Using Zero-Day Exploits

Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.

Sophisticated advanced persistent threat groups are no longer the only ones leveraging zero-day exploits.


An analysis by FireEye of exploit activity last year showed that more cyberattackers exploited more zero-day vulnerabilities in 2019 than in any of the previous three years.


While known threat groups accounted for a substantial portion of the activity, FireEye found that a wide range of other groups leveraged zero-day exploits as well. In particular, researchers from FireEye observed a significant increase over time in zero-day exploit activity by international governments, US and other law enforcement agencies, and other customers of companies selling offensive cyber weapons.


"From 2012 to 2016, the actors most frequently using zero-days tended to be among the most sophisticated," says Kelli Vanderlee, manager of intelligence analysis at FireEye Mandiant.


But since about 2017, the field has substantially diversified, at least partially due to the role of vendors offering offensive cyber threat capabilities.


Examples of such vendors include the Hacking Team of Italy, NSO Group based in Israel, and Gamma International in the UK. Such firms have been observed selling cyber espionage and intrusion software and services, including zero-day exploits, to governments and other entities for several years. Those that are said to have benefited from these tools include governments with dubious human rights records such as Sudan, Ethiopia, and Uzbekistan, Vanderlee says.


In 2019, tools provided by such private cyber offensive security firms were used in multiple attacks, according to FireEye.


Examples include a zero-day exploit in WhatsApp (CVE-2019-3568) that was used to distribute sp ..
