Search This Blog

Powered by Blogger.

Blog Archive

Labels

Project Zero- Exploited Flaws in H1 2022 Variants of Previous Flaws

In H1 2022, around half of the Zero-day vulnerabilities exploited in attacks were linked to old flaws not appropriately patched.

Project Zero

Google Project Zero says that in H1 2022, around half of the Zero-day vulnerabilities exploited in attacks were linked to old flaws not appropriately patched. Maddie Stone, a researcher in Google Project Zero posted a blog post continuing part of her speech at the First conference held in June 2022, her presentation is called "0-day In The Wild Exploitation in 2022...so far." 

Stone disclosed that 9 out of 18 zero-day vulnerabilities identified and revealed as exploited in-the-wild in 2022 are variants of earlier patched vulnerabilities. 

"As of June 15, 2022, 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests.” said Stone in her blog. “On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months after the original in-the-wild 0-day patched, attackers came back with a variant of the original bug.” It suggests that the attacks in most incidents weren't sophisticated and the players that exploited the flaws returned and triggered the known vulnerability via a different technique. 

For instance, the Follina Windows vulnerability found recently, known as CVE-2022-30190, is another variant for CVE-2021-40444. 

"When 0-day exploits are detected in-the-wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take action to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, and they must develop a brand new exploitation method.” writes Stone. "To do that effectively, we need correct and comprehensive fixes." 

To deal properly with Zero-day vulnerabilities, Google experts suggest platform security teams and other freelance security experts invest in root cause analysis, patch analysis, variant analysis, and exploit technique analysis. 
Share it:

Cyber Security

Cybersecurity

Google

Project Zero

Zero Day