ChannelLife India - Industry insider news for technology resellers
India
Guides
#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes
Search
Story image
#
Advanced Persistent Threat Protection
#
Apple
#
Dark web
Record rise in zero-day vulnerabilities exposed in Google-Mandiant report
Tue, 2nd Apr 2024
Author image
By Tom Raynel, Managing Editor
Follow us

In a major new cybersecurity report released by Google and Mandiant, 97 zero-day vulnerabilities exploited in the wild were reported for the year 2023. This reveals an increase of over 50% compared to the 2022 data, which registered 62 vulnerabilities. However, this recent figure is still below the record 106 vulnerabilities exploited in 2021.

The Google and Mandiant report further noted that 29 of these vulnerabilities were originally discovered by these tech giants themselves. The reported vulnerabilities encompassed two main categories: end-user platforms and products such as mobile devices, operating systems, browsers, and other applications and enterprise-focused technologies, including security software and appliances.

The study identifies a clear trend, suggesting that "the pace of zero-day discovery and exploitation will likely remain elevated" compared to pre-2021 figures. Nonetheless, it does spotlight numerous industry successes and significant progress.

For 58 of these zero-day exploitations, the threat actors’ motivations were accountable; 48 of these infringements were attributed to espionage actors, with financially motivated actors being responsible for the remaining 10. In terms of state sponsorship, the People's Republic of China (PRC) was identified as the leading perpetrator, with 12 zero-day vulnerabilities exploited in 2023, up from seven in 2022.

The report delineated the affected domains of the vulnerabilities, revealing that nearly two-thirds (61) of zero-days impacted end-user platforms and products, such as mobile devices, operating systems, browsers, and other applications. The remaining 36 vulnerabilities, however, targeted enterprise-focused technologies like security software and devices.

The researchers highlighted positive strides, stating that notable investments made by end-user platform vendors, including Apple, Google, and Microsoft, are "having a clear impact on the types and number of zero-days actors are able to exploit."

The report further mentioned a general upward trend in the targeting of enterprises, with a 64% increase in adversary exploitation of enterprise-specific technologies from the preceding year. This trend has been rising steadily since at least 2019. Importantly, in 2023, Google observed an increase in coding errors in "third-party components and libraries" rather than in the products' original code.

Additionally, statistics on the number of zero-days detected and disclosed in specific platforms revealed an increase in both Android and iOS. Nine in-the-wild zero-days that targeted Android were detected and disclosed in 2023, compared to only three in 2022, while iOS saw eight in-the-wild zero-days, a rise from only four in 2022.

In a comparison between browsers, the results showed that in 2023 eight zero-days targeted Chrome versus 11 which targeted Safari.

Related stories
Game review: TopSpin 2K25 (PS5)
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
Cayosoft reports 56% revenue leap due to AD recovery solution demand
Game review: Stellar Blade (PS5)
KnowBe4 to acquire Egress for enhanced AI-driven cybersecurity
Top stories
ControlUp enhances Edge DX to optimise digital employee experience
SmartBear introduces GenAI-powered no-code test automation in Zephyr Scale
Radware unveils AI-powered DNS DDoS protection solution
DigiCert recruits seasoned CMO Atri Chatterjee in quest for $1bn revenue
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services