Month: April 2022

Enlarge / VPNfilter had a total of nine modular tools discovered thus far by researchers, potentially turning thousands of routers into a versatile attack platform.

Previously unknown “zero-day” software vulnerabilities are mysterious and intriguing as a concept. But they're even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to detect and study more of this exploitation, they're seeing it more often. Two reports this week from the threat intelligence firm Mandiant and Google's bug hunting team, Project Zero, aim to give insight into the question of exactly how much zero-day exploitation has grown in recent years.

Mandiant and Project Zero each have a different scope for the types of zero-days they track. Project Zero, for example, doesn't currently focus on analyzing flaws in Internet-of-things devices that are exploited in the wild. As a result, the absolute numbers in the two reports aren't directly comparable, but both teams tracked a record high number of exploited zero-days in 2021. Mandiant tracked 80 last year compared to 30 in 2020, and Project Zero tracked 58 in 2021 compared to 25 the year before. The key question for both teams, though, is how to contextualize their findings, given that no one can see the full scale of this clandestine activity.

Enlarge (credit: Zipline International)

Six years ago, Rwanda had a blood delivery problem. More than 12 million people live in the small East African country, and like those in other nations, sometimes they get into car accidents. New mothers hemorrhage. Anemic children need urgent transfusions. You can’t predict these emergencies. They just happen. And when they do, the red stuff stored in Place A has to find its way to a patient in Place B—fast.

That’s not a huge problem if you live in a city. In the United States and the United Kingdom, 80 percent of the population clusters around urban hubs with high-traffic hospitals and blood banks. In African nations like Libya, Djibouti, and Gabon, about 80 to 90 percent of the populations live in cities, too. But in Rwanda, that number flips: 83 percent of Rwandans live in rural areas. So, traditionally, when remote hospitals needed blood, it came by road.

That’s not ideal. The country is mountainous. Roads can be hot, long, and bumpy. If kept cool, donated blood can be stored for just a month or so, but some components that hospitals isolate for transfusions—like platelets—will spoil in days. A turbulent drive is not a perfect match for such finicky cargo.