Google’s security team counted 97 actively exploited zero-day vulnerabilities in 2023. That’s fifty percent more than in 2022, but not a record.
Google carefully tracks the number of zero-day attacks exploited “in the wild” each year. At the end of 2023 the counter was at 97, the report says. That is fifty percent more than in 2022, when “only” 62 zero-days were discovered. The record year remains 2021 with 106 zero days. The report only covers actively exploited zero-day attacks that have appeared on Google’s (and subsidiary Mandiant) radar. Actual numbers may be higher.
The majority of zero days affect end-user platforms and products. This includes mobile and PC operating systems as well as browsers. The “frontrunner” is Windows with 17 zero-days discovered; Apple also contributes with eleven in Safari and nine in iOS. Safari is also the strongest “riser” with eight more zero days than in 2022. Google also has to act, because Chrome (8) and Android (9) were not spared either.
More zero days in enterprise software
Google notes that the number of zero-days exploited in enterprise software is increasing every year. Last year, Google counted 36 zero-days in this category, compared to just four in 2019. That doesn’t mean that zero-days are more common in enterprise software than they were a few years ago, but it does mean that attackers are more focused on them than before. Google therefore advises software companies to have a plan in place to quickly respond to vulnerabilities in their products.
espionage
Google also recognizes the motive behind zero-day attacks. Hackers often act with financial motives, but this seems to be an exception when it comes to zero-days: less than twenty percent of zero-days are exploited for quick financial gain.
Zero-day vulnerabilities appear to be a way to inject spyware into devices: This was the case in 41 percent. In the list of countries that are not averse to espionage, the usual names appear. China is the most likely to abuse zero days, followed by Russia, North Korea and Belarus. You can find the full report here.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
