Hackers get 10 Months to exploit using 0-day attacks before world finds out

A new study shows that hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public.

Researchers Bilge and Tudor Dumitra used data collected from 11 million PCs running Symantec's antivirus software to correlate a catalogue of zero-day attacks with malware found on those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, only seven of which were previously known to have been exploited prior to their public discovery. They also found that those attacks continued 312 days on average–up to 2.5 years in some cases–before the security community became aware of them.

"In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many," the researchers write. "While the average duration is approximately 10 months, the fact that all but one of the vulnerabilities disclosed after 2010 remained unknown for more than 16 months suggests that we may be underestimating the duration of zero-day attacks."

The study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules