Google names 97 observed zero-day vulnerabilities


There are many zero-day vulnerabilities, but not all of them are widely exploited. Google and Mandiant observed 97 zero-day vulnerabilities that were heavily exploited - an increase of 50 percent compared to the previous year.

Google and Mandiant released a new study in which they observed 97 zero-day vulnerabilities exploited in the wild in 2023. That's over 50 percent more than in 2022 (62 vulnerabilities), but fewer than the record-breaking 106 vulnerabilities exploited in 2021. Google's Threat Analysis Group (TAG) and Mandiant were responsible for the original discovery of 29 of these vulnerabilities.

Many enterprise-focused zero-day vulnerabilities

Google researchers divide the vulnerabilities into two main categories: end-user platforms and products (e.g. mobile devices, operating systems, browsers and other applications) and enterprise-focused technologies such as security software and appliances.

The report highlights some of the industry's successes and advancements, but also notes that the pace of discovery and exploitation of zero-day vulnerabilities will likely remain elevated compared to pre-2021 numbers.

Summary of key findings

  • Of the 58 zero-days for which the threat actor's motives could be determined:
    • 48 were attributed to espionage actors
    • The remaining 10 were attributed to financially motivated actors
  • The People's Republic of China (PRC) continues to be at the forefront of state-sponsored attacks.
  • Cyber espionage groups from China exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022
  • Almost two thirds (61) of zero days affected end-user platforms and products (e.g. mobile devices, operating systems, browsers and other applications)
  • The remaining 36 vulnerabilities concerned enterprise-focused technologies such as security software and devices.
    • There is progress: Google researchers note: “End-user platform providers such as Apple, Google, and Microsoft have made notable investments that have a significant impact on the type and number of zero-days that actors can exploit.”
    • Attacks on companies continue to increase and were more diverse in 2023.
  • Google saw a 64 percent increase in the exploitation of enterprise-specific technologies by attackers compared to the previous year and an overall increase in the number of enterprise vendors targeted since at least 2019.
    • In 2023, Google saw more bugs in third-party components and libraries than in the product's first-party code.
  • iOS vs Android:
    • Nine “in-the-wild” zero-days were discovered and disclosed for Android in 2023, up from three in 2022.
    • Eight “in-the-wild” zero-days were discovered and disclosed for iOS in 2023, up from four in 2022.
  • Safari vs Chrome:
    • In 2023, there were eight zero-days in the wild targeting Chrome and 11 targeting Safari.
More at Cloud.Google.com

 


About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.


 
