Google reveals the nastiest zero-days it tracked this year
The number of zero-day vulnerabilities exploited in the wild continued on an upward trajectory in 2023, posing a worrying question for businesses and consumers alike, new research from Google‘s security experts has claimed.
A new report from Mandiant and Google’s own Threat Analysis Group (TAG) analyzed the zero-day landscape, noting hackers were focused on third-party components and libraries, as that allowed them faster and easier scaling, for maximum impact.
According to the analysis, there were 87 zero-day vulnerabilities exploited in the wild last year, more than 50% compared to the year before (62). However, the year was somewhat better than the record-breaking 2021, when 106 zero-days were abused.
Nation-state attacks on the rise
Enterprises were, and continue to be, a major target, with hackers casting an ever-wider net, while state-sponsored groups keep grabbing the larger piece of the overall hacking pie.
Last year, most hackers focused on third-party components and libraries. Google claims that this type of vulnerability can scale to affect more than one product, making it a prime attack surface. “We saw this theme repeated across threat actors of all motivations, seeking vulnerabilities in products or components that provided broad access to multiple targets of choice.”
As targets, enterprise entities grew even more popular, and more varied last year. Google observed hackers increasingly targeting enterprise-specific technologies, with the total number of zero-days abused here, up by almost two-thirds (64%) year-on-year. “This increase was fueled mainly by the exploitation of security software and appliances,” Google added.
The report also argues that nation-states are more interested in exploiting zero-days than financially motivated hacking groups. That being said, China is still the number one, with its groups exploiting 12 zero-days last year, up from 7 the year before. This was “more than we were able to attribute to any other state,” Google concluded.
More from TechRadar Pro
The number of zero-day vulnerabilities exploited in the wild continued on an upward trajectory in 2023, posing a worrying question for businesses and consumers alike, new research from Google‘s security experts has claimed. A new report from Mandiant and Google’s own Threat Analysis Group (TAG) analyzed the zero-day landscape, noting…
