Google reported that 2021 was a record year for zero-day exploits, the highest number since Google began tracking them. However, the company states that this could be a result of improved detection efforts and disclosure procedures rather than increased criminal activity. Project Zero, Google’s exploit team, tracked 58 zero-day exploits in 2021. This figure was far more than the previous maximum number detected, 28 in 2018. In addition, vendors used by Google are also ramping up security efforts and doing a better job at finding these vulnerabilities and disclosing them.
Project Zero researchers stated that despite the record number of zero-day vulnerabilities, attacker methodology hasn’t seen much change from previous years. Attackers are using the same bug patterns and exploitation techniques to target the same attack services, leading researchers to believe that this could be taken advantage of by defenders. Vendors can make things more difficult for threat actors by publicly disclosing bugs whenever they are being exploited in the wild, urging users to implement patches and eliminating the possibility for a cyberattack.
