Cyber espionage and spyware fuel zero-day attacks, Google warns


Cybercriminals exploited at least 75 security vulnerabilities previously unknown to vendors – so-called zero-days – last year, according to a report by the Google Threat Intelligence Group (GTIG). Attackers are focusing on the security and networking software used by enterprises.

Thirty-three of the vulnerabilities exploited last year targeted enterprise-focused technologies, while 42 affected end-user platforms and products such as mobile devices, operating systems, browsers, and other apps.

The total number of exploited zero-days decreased slightly from 98 in 2023. However, Google warns that the trend is still upward, as last year's count is higher than that of 2022, which saw 63 zero-day vulnerabilities.


Spyware makers, the so-called commercial surveillance vendors, drive the market and are hiding their tracks better. They are improving their operational security practices, which potentially leads to fewer detections and attributions.

Cyber espionage operations accounted for over 50% of the vulnerabilities tracked by Google.

“We identified 20 security and networking vulnerabilities, which were over 60% of all zero-day exploitation of enterprise technologies,” the report reads.

[Chart: Google zero-day statistics]

Google Chrome was the primary focus of browser zero-day exploitation last year. However, fewer zero-days affecting browsers were found last year: 11, compared to 17 in 2023. A similar trend was observed on mobile devices, with only 9 zero-days detected, compared to 17 in 2023.

Third-party components are often the entry point that attackers target to get in.

The Windows operating system accounted for the largest share of the zero-day flaws. Last year, Google detected 22 exploited Windows zero-days, compared to 17 in 2023.

“As long as Windows remains a popular choice both in homes and professional settings, we expect that it will remain a popular target for both zero-day and n-day exploitation by threat actors,” the researchers said.


Attackers, increasingly focusing on enterprise tech, frequently target Ivanti Cloud Services Appliance, Palo Alto Networks PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Google detected 18 unique enterprise vendors targeted.

Google attributes eight of the discovered zero-days to spyware vendors, five to China-sponsored threat actors, five to North Korean espionage and financially motivated groups, and another five to non-state cybercrime groups. At least three zero-days were attributed to Russia.

Google warns that zero-day vulnerabilities are a highly sought-after capability for threat actors, and that they are becoming easier to procure. Attackers are also finding uses for new types of technology, which strains less experienced vendors.

“We expect zero-day vulnerabilities to maintain their allure to threat actors as opportunities for stealth, persistence, and detection evasion.”