top of page

The continued rise of zero-day attacks

Researchers at both FireEye Mandiant Threat Intelligence and Google’s Project zero reported that 2021 was a record year for zero-day vulnerabilities.

Mandiant researchers warned on the surge of exploited zero-days in a recent report.

According to the company, 80 zero-day issues were exploited last year, which is more than double the previous record volume in 2019.

Google’s Project Zero researchers reported that 58 zero-days were discovered in 2021, compared to 28 detected in 2020 as shown in the graph below. This marks a record for the company since it started tracking these issues from mid-2014.

Although Mandiant and Project Zero each have a different scope for the types of zero-days they track, for example Project Zero does not currently report on vulnerabilities in internet-of-things devices, this research still heavily demonstrates a record high number of exploited zero-days across the threat landscape throughout 2021.

What’s a zero-day vulnerability?

A zero-day vulnerability is defined as a vulnerability being exploited in the wild before a patch or fix is made publicly available. Zero-day exploits are an attractive attack vector as activity can often go unnoticed allowing threat actors to gain initial access and gain a higher chance of carrying out a range of further malicious activities, including the deployment of malware and ransomware.

In total, the security researchers analysed zero-day vulnerabilities from 12 vendors, and found Microsoft, Apple and Google products comprised 75 percent of the exploits.

The organisations’ prevalence, larger attack surface and the additional potential for exploitation of third parties make them both easy and attractive targets for threat actors. While state-sponsored groups were responsible for the majority of the identification and use of the zero-day exploits, researchers also observed a growing number of financially motivated threat groups utilising zero-days in the last year.

Although the research reveals a surge in zero-day exploits, it is important to point out detection and public knowledge have also increased significantly.

Project Zero noted an increased level of information was available regarding zero-day vulnerabilities in 2021 compared to previous years due to a number of different reasons: greater investment into detection, a higher number of reports about zero-days used in the wild than ever before, and both vendors and security organisation improving their bulletins and advisories to address issues.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page