Hackers used record number of unknown flaws in 2015

Hackers' sophistication jumped in 2015, according to new research.

Security software vendor Symantec released a report on Monday showing that not only had hackers exposed over 400 million identities in 2015, but that they also used a record number of so-called zero-day vulnerabilities to do so.

ADVERTISEMENT

A zero-day vulnerability is a software flaw that the manufacturer has not noticed, making it a highly effective tool for cyber spies and criminal syndicates.

In 2015, 54 of these zero-days were uncovered and exploited by hackers, Symantec said. That’s more than twice as many as the 24 that were deployed in 2014 and the 23 used in 2013. Before that, the next highest total from the past decade was 15, in 2007.

The exploding use of zero-days reveals hackers' increasing savvy.

“Given the value of these vulnerabilities, it’s not surprising that a market has evolved to meet demand,” Symantec said in a summary of the report.

These flaws helped hackers pilfer an enormous amount personal information.

The reported number of breached identities reached 429 million in 2015, Symantec said, a 23 percent increase from 2014. This number was helped by a record total of nine “mega breaches,” or a breach of over 10 million people’s sensitive data.

But the total may belie the actual quantity of stolen information. The number of companies that didn’t report the number of people affected by breaches jumped 85 percent last year from 2014, Symantec said.

“The increasing number of companies choosing to hold back critical details after a breach is a disturbing trend,” said Kevin Haley, director of Symantec Security Response. “Transparency is critical to security.”

Symantec researchers estimate the actual tally of personal records lost was at least half a billion.