Data breaches, hacking events, and ransomware attacks are on the rise, and experts have uncovered what may be a contributing factor: the number of previously unknown software vulnerabilities that hackers have exploited to break into networks has more than doubled in the last year.
The number of zero-day vulnerabilities (software flaws that even the publisher doesn’t know about, and only becomes aware of after a hacker exploits them) increased from 24 in 2014 to 54 in 2015, according to a report on the state of cybersecurity from Symantec.
The incredible increase in these software holes, and in the number of hackers who exploit them, has long been attributed to people with nothing better to do than test out software and go looking for the flaws. (The previous record high was 17 such vulnerabilities in 2007; that record was broken in 2013, and the number increased every year after.) That may have been the case for a while, back when 2007 was considered a record-setting year, but a new operating method has been established, one that involves an online underground market that lets hackers share and sell kits on forums. Even then, Adobe, one of the companies with the highest number of vulnerabilities, has stated that it takes only days to write and issue the necessary patch to secure the hole.
That may be, but it’s information that comes too little, too late following a widespread data breach.
Of course, the software publishers aren’t the only ones being caught unawares. Reports came out yesterday that one group of hackers ended up protecting a significant number of Flash users when they accidentally botched their attempt to exploit a Flash hole, thereby closing off the vulnerability and alerting Adobe to the issue.