This is revealed by a recently published report by Mandiant in 2022, a total of 55 zero-day vulnerabilities were exploited, or at least such an amount the company managed to track down. For those who are lost, zero-day vulnerabilities are those that are unknown to users and product manufacturers, but are known to the attackers who exploit them. Because the product developer is unaware of the vulnerability, malicious actors have a free hand to exploit it or sell tools and exploits they do

The number of 55 zero-day vulnerabilities discovered in 2022 by Mandiant is less than the 86 observed in 2021. On the other hand, and counting from 2012, 2022 was the second year in which the company registered a higher number of vulnerabilities. a clear difference from the rest.

Mandiant estimates it 13 vulnerabilities were exploited by cyber espionage groups, of which 7 or more than 50% were Chinese-sponsored groups., while the other three were exploited by actors originating from or associated with the North Korean regime. Russia, another country very familiar with these issues, exploited two vulnerabilities with the possibility that the well-known APT28 group is behind them.

Mandiant attributes the exploitation of four zero-day vulnerabilities to actors operating for financial reasons, representing a quarter of the 16 vulnerabilities for which the company was able to determine the reason for their exploitation. 75% of the 16 cases appear to be related to ransomware operations, however the proportion of financially motivated attacks decreased in 2022.

It changes the perspective but not the subject, Microsoft was the vendor that exploited the most zero-day vulnerabilities, with 18 in total. Rounding out the podium are Google with 10 and Apple with 9, while the other 18 that Mandiant placed with vendors are distributed by Mozilla, Sophos, Trend Micro, Adobe and others, each with a maximum of two.

At the operating system level In 2022, 15 zero-day vulnerabilities were exploited in Windows compared to 4 in macOS (No amount was released for Linux.) Mandiant discovered in browsers 9 in Google Chrome compared to only 2 in Firefox. The company explains this trend by the fact that popular software is more attractive to malicious actors, so if we take the shares of different browsers as a reference, it can even be said that attacking macOS is currently more attractive than Firefox, since Mozilla’s browser has been fighting for years not to fall into irrelevance .

An interesting fact is that the total number of zero-day vulnerabilities exploited in the mobility sector was six, with five affecting iOS and only one Android. That’s odd because it’s Android that usually gets a bad name for security compared to iOS.

Despite the massive use of mobile phones, desktop systems continue to be more used, according to data published by Mandiant, possibly due to the fact that Windows is still dragging out certain decisions that can make it very easy for malicious actors and the widespread use of said system. works in companies and organizations.

And so far the most general and interesting zero-day vulnerability data tracked by Mandiant, both at the level of threats and affected products. Those who wish can view the full report posted on the company’s website.