Connect with us
Record number of attacks using 0Day vulnerabilities recorded in 2021 Record number of attacks using 0Day vulnerabilities recorded in 2021

Security

Record number of attacks using 0Day vulnerabilities recorded in 2021

Published

on

More than 66 zero-day exploits were discovered this year – nearly double the number in 2020.

In 2021, cybersecurity experts recorded the largest number of zero-day exploits in history. According to databases like 0-day tracking project There were at least 66 zero-day exploits detected this year – nearly double the number in 2020 and more than any other year.

One of the factors contributing to the increase in the number of reports of 0Day vulnerabilities is the rapid global spread of hacking tools. At the pinnacle of cybercrime are government-sponsored hackers. It is estimated that only Chinese hackers are responsible for nine cases of exploitation of zero-day vulnerabilities this year. The US and its allies clearly have some of the most sophisticated hacking capabilities, and there is increasing talk of more aggressive use of these tools.

In the burgeoning exploit market, it is easier than ever to acquire knowledge of the 0Day vulnerability in the burgeoning exploit market, experts say. What was once overly expensive is now more affordable.

“We’ve seen these APT groupings turn to the NSO Group or Candiru, these increasingly prominent companies that allow countries to trade financial resources for offensive capabilities,” the experts said.

In recent years, cybercriminals have exploited zero-day vulnerabilities for financial gain (for example, in the July cyberattack against the US-based MSP provider Kaseya) by running ransomware on victims’ systems. One third of tracked zero-day vulnerabilities can be directly related to financially motivated participants, experts say.

Even if zero days are seen more often than ever, they are becoming more difficult and more expensive to exploit. Security improvements and sophistication have meant that hackers have to do more cracking work than they did a decade ago. When faced with improved security, hackers often have to bundle multiple exploits instead of just one. These exploit chains require more zero-day vulnerabilities.

According to experts, attackers “are forced to invest more and take more risks to achieve their goals.” One of the important signals is the rising cost of the most valuable exploits. Over the past three years, the cost of the most serious breaches has increased by 1,150%.

Click to comment

Leave a Reply

Your email address will not be published.

Security

Hackers hacked Europe’s largest missile manufacturer

Published

on

Hackers hacked Europes largest missile manufacturer

Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

Hackers hacked Europe's largest missile manufacturer

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc..) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.”, the hackers wrote.

Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.

Continue Reading

Security

Samsung is ahead of the curve again. The company released the August security patch for three flagship lines at once

Published

on

Samsung is ahead of the curve again The company released

Samsung was the first company in the market to release the August security patch for its smartphones. Moreover, for three flagship lines at once: Galaxy S20, S21 and S22.

Samsung is ahead of the curve again.  The company released the August security patch for three flagship lines at once

Today, owners of these smartphones in Germany began to receive updates, including a security patch. Usually, users from other countries do not have to wait long. The August security patch fixes dozens of vulnerabilities, so it’s quite important.

Samsung has sometimes been ahead of even Google in recent years, releasing security patches earlier and offering longer support for its flagships, although just three or four years ago, Samsung was almost the worst in this matter.

Continue Reading

Security

Hacker withdrew about $6 million worth of ETH from decentralized streaming platform Audius

Published

on

Hacker withdrew about 6 million worth of ETH from decentralized

Audius (AUDIO) is an artist-run, community-owned music streaming platform that aims to enable anyone to freely distribute, monetize, and stream audio.

Hacker withdrew about $6 million worth of ETH from decentralized streaming platform Audius

Audius aims to return money and power to artists by connecting them directly to listeners and removing record labels and middlemen from the equation.

If bitcoin can be called the digital analogue of gold, then, according to the developers, Audius aims to be the next Spotify or SoundCloud on the blockchain. “The cryptocurrency music app aims to decentralize and democratize the music industry and give artists back more money and control.”

An unknown person was able to change the configuration of the smart contract for managing Audius, and then created a malicious offer to withdraw $6 million in AUDIO tokens.

Hacker withdrew about $6 million worth of ETH from decentralized streaming platform Audius

An unknown person was able to change data on the voting time for the proposal in the Audius smart contract, as well as the delay in the execution of the voting result. As a result of the fraud, the attacker brought the stolen cryptocurrency for sale, however, due to market slippage, he was able to sell a cryptocurrency worth $6 million for only $1.1 million in Ethereum.

According to the attacker’s address transfer history, the cryptocurrency received from the sale was “laundered” at 100 ETH per transaction through the Tornado Cash mixer.

Audius representatives confirmed the hack. The project developers claim that the functionality of the smart contract has been resumed after a detailed study. Whether Audius will compensate investors for losses remains unclear.

Continue Reading

Most Popular