Posted on July 15, 2021 at 2:39 PM
Google Discovers New Malware Campaign That Exploits Zero-Days
Researchers at tech giant Google Inc. revealed that they discovered malware campaigns exploiting previously unknown flaws in Google Chrome, WebKit, and Internet Explorer.
Google’s Threat Analysis Group (TAG) and Project Zero researchers collaborated to detect these campaigns. They also made recommendations to help users protect themselves from the attacks.
The Google researchers stated that they are actively hunting for such vulnerabilities because they can be very dangerous when exploited.
According to the report, the zero-days discovered were part of three malware campaigns detected earlier this year. Google says threat actors can keep exploiting these vulnerabilities until they are discovered and patched.
Two TAG researchers, Clement Lecigne and Maddie Stone, have detailed their findings on the vulnerabilities in a recent blog post.
The post stated that three of the exploits came from a single commercial surveillance firm that sold the capabilities to two threat actors backed by two different governments.
A sharp increase in zero-days
Threat actors using zero-days usually want to keep them hidden as long as possible while they exploit systems, since an exploit stays useful and effective only as long as the flaw is unknown. The TAG team stated that several factors could contribute to the high number of zero-days seen in the wild recently.
One of the main factors could be increased usage. In other words, more zero-day attacks are being detected simply because more of them are being used in the wild.
While security researchers frequently detect zero-days, the number that go undetected is far greater than the number detected, the Google security team stated.
“Overall, the industry detects only a small percentage of the 0-days being used,” the TAG team stated in the blog post, adding that increasing zero-day detection would be highly beneficial.
Better detection would enable companies and their security teams to fix those vulnerabilities quickly and offer more protection to users. It would also give a clearer picture of the level of exploitation taking place across the industry.
In turn, this would help security researchers make more informed decisions about user protection and how best to counter the attacks.
Threat actors have been very active this year
Apart from disclosure efforts and greater detection, Google also noted that the uptick in zero-days is a result of the proliferation of commercial vendors who are selling access to zero-days. Although these vendors were doing the same thing in 2020, it seems their activities have increased over the past year.
Accordingly, there have been a greater number of zero-days discovered in the wild due to these factors, the Google research team said.
The Google researchers also stated that threat actors, especially those exploiting zero-days, have been very active this year.
33 zero-days have been publicly disclosed so far this year, 11 more than in all of 2020.
The Google team noted that in the past, zero-day capabilities were in the hands of state actors with the technical strength to turn them into exploits and use them in operations. However, more private firms have now entered the marketplace to sell these zero-days. As a result, threat actors and other groups no longer need technical expertise of their own to exploit them, the Google team stated in the blog post.
Threat actors likely sponsored by Russia
In the campaign using the Safari zero-day exploit, threat actors used LinkedIn Messaging to target government officials in the U.S. and western European countries.
They sent their targets malicious links directing them to attacker-controlled domains.
When a target clicked the link from an iOS device, the attacker-controlled site delivered the zero-day exploit, which then compromised the device.
The TAG team said its investigation revealed that the attackers are probably sponsored by the Russian government. The group exploited the zero-day to target devices running older iOS versions. Google said its security team informed Apple about the bug, and it was patched on March 26 in an iOS update.