Zero Days Enjoy Longer Shelf Life Than Previously Thought
In a presentation at the Association for Computing Machinery’s Computer and Communications Security conference in Raleigh, North Carolina, two researchers Leyla Bilge and Tudor Dumitra looked at 18 malware attacks, finding example of them being exploited in the wild for up to 312 days on average and up to 2.5 years in some cases.
“In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many,” the researchers noted in their white paper.
On the other hand, the team found that when a vulnerability is noted by security community or the vendor, attackers will jump on the opportunity in the narrow space until users have patched their system. According to Forbes.com, " a single exploit jumped from a handful of cases to tens of thousands within days of a bug’s disclosure."
Read the full paper here.