
Google

How we protect users from 0-day attacks


Why So Many 0-days?

There is not a one-to-one relationship between the number of 0-days being used in-the-wild and the number of 0-days being detected and disclosed as in-the-wild. The attackers behind 0-day exploits generally want their 0-days to stay hidden and unknown because that’s how they’re most useful. 

Based on this, there are multiple factors that could be contributing to the uptick in the number of 0-days that are disclosed as in-the-wild:

Increase in detection & disclosure

This year, Apple began annotating vulnerabilities in their security bulletins to include notes if there is reason to believe that a vulnerability may be exploited in-the-wild and Google added these annotations to their Android bulletins. When vendors don’t include these annotations, the only way the public can learn of the in-the-wild exploitation is if the researcher or group who knows of the exploitation publishes the information themselves. 

In addition to beginning to disclose when 0-days are believed to be exploited in-the-wild, it wouldn’t be surprising if there are more 0-day detection efforts, and successes, occurring as a result. It’s also possible that more people are focusing on discovering 0-days in-the-wild and/or reporting the 0-days that they found in the wild.

Increased Utilization

There is also the possibility that attackers are using more 0-day exploits. There are a few reasons why this is likely:

  • The increase and maturation of security technologies and features mean that the same capability requires more 0-day vulnerabilities for the functional chains. For example, as the Android application sandbox has been further locked down by limiting what syscalls an application can call, an additional 0-day is necessary to escape the sandbox. 
  • The growth of mobile platforms has resulted in an increase in the number of products that actors want capabilities for. 
  • There are more commercial vendors selling access to 0-days than in the early 2010s.
  • Maturing of security postures increases the need for attackers to use 0-day exploits rather than other less sophisticated means, such as convincing people to install malware. Due to advancements in security, these actors now more often have to use 0-day exploits to accomplish their goals. 

Conclusion

Over the last decade, we believe there has been an increase in attackers using 0-day exploits. Attackers needing more 0-day exploits to maintain their capabilities is a good thing — and it reflects increased cost to the attackers from security measures that close known vulnerabilities. However, the increasing demand for these capabilities and the ecosystem that supplies them is more of a challenge. 0-day capabilities used to be only the tools of select nation states who had the technical expertise to find 0-day vulnerabilities, develop them into exploits, and then strategically operationalize their use. In the mid-to-late 2010s, more private companies have joined the marketplace selling these 0-day capabilities. No longer do groups need to have the technical expertise; now they just need resources. Three of the four 0-days that TAG has discovered in 2021 fall into this category: developed by commercial providers and sold to and used by government-backed actors.

Meanwhile, improvements in detection and a growing culture of disclosure likely contribute to the significant uptick in 0-days detected in 2021 compared to 2020, but reflect more positive trends. Those of us working on protecting users from 0-day attacks have long suspected that overall, the industry detects only a small percentage of the 0-days actually being used. Increasing our detection of 0-day exploits is a good thing — it allows us to get those vulnerabilities fixed and protect users, and gives us a fuller picture of the exploitation that is actually happening so we can make more informed decisions on how to prevent and fight it.

We’d be remiss if we did not acknowledge the quick response and patching of these vulnerabilities by the Apple, Google, and Microsoft teams. 


Survey shows how people decide what to trust online


Alex Mahadevan is director of MediaWise at the Poynter Institute. He has taught digital media literacy to thousands of middle and high schoolers, and has trained hundreds of journalists from around the world in verification and digital investigative tools. We caught up with Alex to find out about a recent information literacy survey his organization conducted in partnership with YouGov, with support from Google. Learn more about how Google is working on information literacy and helping you spot misinformation online.

Why was this survey conducted?

Misinformation isn’t a new problem, but it’s becoming increasingly difficult to separate fact from fiction, especially on the internet. We wanted to learn more about how people across generational lines verify information and decide what to trust and share online. And we knew this research would help us expand on the educational resources MediaWise has to offer.

What were the parameters for the survey?

We surveyed more than 8,500 respondents of various ages in the United States, Brazil, the United Kingdom, Germany, Nigeria, India and Japan. We asked a wide range of questions aimed at assessing information literacy skills and verification habits. Those include queries about everything from the tools and techniques someone uses to investigate a post they see online, to the reasons why they may have shared misleading information in the past.

What are some of the biggest takeaways?

The survey found that 62% of respondents think they see false or misleading information on at least a weekly basis – that’s a staggering number. And people are aware that it’s a serious issue. Roughly 50% of all Gen X, Millennial and Gen Z respondents (these are people ages 18 to 57) said they’re concerned about their family being exposed to it.


New ways we’re helping you find high-quality information


AI models are also helping our systems understand when a featured snippet might not be the most helpful way to present information. This is particularly helpful for questions where there is no answer: for example, a recent search for “when did snoopy assassinate Abraham Lincoln” provided a snippet highlighting an accurate date and information about Lincoln’s assassination, but this clearly isn’t the most helpful way to display this result.

We’ve trained our systems to get better at detecting these sorts of false premises, which are not very common, but are cases where it’s not helpful to show a featured snippet. We’ve reduced the triggering of featured snippets in these cases by 40% with this update.

Information literacy

Beyond designing our systems to return high-quality information, we also build information literacy features in Google Search that help people evaluate information, whether they found it on social media or in conversations with family or friends. In fact, in a study this year, researchers found that people regularly use Google as a tool to validate information encountered on other platforms. We’ve invested in building a growing range of information literacy features — including Fact Check Explorer, Reverse image search, and About this result — and today, we’re announcing several updates to make these features even more helpful.

Expanding About this result to more places

About this result helps you see more context about any Search result before you ever visit a web page, just by tapping the three dots next to the result. Since launching last year, people have used About this result more than 2.4 billion times, and we’re bringing it to even more people and places – with eight more languages including Portuguese (PT), French (FR), Italian (IT), German (DE), Dutch (NL), Spanish (ES), Japanese (JP) and Indonesian (ID), coming later this year.

This week, we’re adding more context to About this result, such as how widely a source is circulated, online reviews about a source or company, whether a company is owned by another entity, or even when our systems can’t find much info about a source – all pieces of information that can provide important context.

And we’ve now launched About this page in the Google app, so you can get helpful context about websites as you’re browsing the web. Just swipe up from the navigation bar on any page to get more information about the source – helping you explore with confidence, no matter where you are online.


Finding community and customers through Growth Academy: Women Founders


With thousands of highly-valued tech companies, a global-first market approach, and a strong economy dominated by entrepreneurship, it’s clear why Israel’s nickname is ‘The Startup Nation.’

However, this thriving startup ecosystem isn’t equally supportive of all aspiring founders. According to the latest Israeli Tech Gender Distribution Report, spearheaded by Google for Startups and IVC Data and Insights, only 2% of startups with a woman founder raised above $50 million between 2018 and 2021. While the number of entirely women-led companies has doubled in the past decade, they still only comprise 6.3% of Israeli startups — and only 13.9% of startups had at least one woman co-founder in a mixed-gender founding team.

I fall into the latter category. My cofounder Gal Benbeniste and I met during college, where we bonded over how outdated the investment world is. What started with trying to figure out a simple way to automate became FinityX, a deep-tech startup that helps investors implement AI tools as part of their investment process to save time and resources, and improve quality.

While I have been humbled by FinityX’s rapid growth and recognition, as one of the very few women in the deep-tech space I’ve always wanted to be able to access the same capital, business networks, and mentorship readily available to my male cofounder.

So I was thrilled when Google for Startups launched a Growth Academy program tailored specifically for the needs of early-stage women founders. Based on the successful Startup Growth Lab curriculum, the program includes leadership workshops with Israeli VCs such as Entree Capital, Ibex and Viola, leadership sessions with top industry lecturers, and one-on-one Google product mentorship. “Ever since Google for Startups opened Campus Tel Aviv in 2012, diversity and inclusion has been an essential focus to our work,” said Marta Mozes, marketing manager of Google for Startups in Israel. “When we discovered this data about female founders in Israel, we knew we had to be part of the change.”

Meet the other Israeli entrepreneurs, representing industries from family vacation-planning to finance, who joined me at Google for Startups Growth Academy: Women Founders:

  • Miri Berger, Cofounder & CEO of 6Degrees
  • Kerri Kariti, Cofounder & CPO of Claritee
  • Vardit Legali, Cofounder & CEO of Clawdia
  • Ronny Schwartz Dgani, Cofounder & CMO of Expecting.ai
  • Inbal Glantser and Naama Yacobson, Cofounders of Homaze
  • Tamar Liberman, Tal Provizor Narkiss, and Lee Winfield, Cofounders of It’s July
  • Mika Kayt, Founder & CEO of Outgage
  • Danielle Shpigel and Yarden Kaufmann, Cofounders of Unika


Copyright © 2021 Today's Digital.