- A report released Tuesday by Symantec found there were 54 zero-day vulnerabilities discovered in 2015—more than twice the number found in 2014.
- Zero-day, or unknown, vulnerabilities are when a vendor releases a software without realizing security flaws exist. If a hacker exploits the flaw before a vendor discovers and fixes it, it is called a zero-day vulnerability.
- Four of the five most exploited zero-days were in Adobe Flash, according to the report.
Security experts say the increase is a sign of cybercrime’s increasing complexity. Recent reports found that cybercriminals are coordinating across the globe, defying both language and geographic barriers. As they further coordinate, cybercriminals are developing more sophisticated families of malware.
"People figured out that they could make money by finding zero-day vulnerabilities and selling them to attackers," Kevin Haley, director of security response at Symantec, told Reuters. "So there became a marketplace, and these things started to have value, and people started to hunt for them."
The number of mega-breaches, with hackers accessing more than 10 million records, also hit a record high. Spear-phishing campaigns increased 55% in 2015 and ransomware increased 35% according to the report.
Meanwhile, the total number of personal identities exposed as a result of breaches rose 23%.
Companies aren’t always required to reveal how many records they lost in a data breach. Symantec estimates that in reality, more than half a billion records have been breached.
Hackers can exploit almost any security vulnerability and without concerted efforts by enterprises to ensure cyber hygiene and secure systems, an unprepared company could find it is the next target.