Google’s New Report Reveals a Rise in Zero-day Exploits in 2023

Highlights:

• Of the 97 zero-day exploits monitored in 2023, 36 targeted enterprise-oriented technologies, like security software and hardware.
• The research asserts that Chinese cyber espionage groups exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022, and that China was the primary source of government-backed exploitation.

Google’s new report warns about zero-day exploits becoming more common amid increasing nation-state hackers. Google LLC’s Threat Analysis Group and Google-owned Mandiant released the report.

There were 97 zero-day vulnerabilities found by Google in 2023, up from 62 in 2023 itself but down from 106 in 2021, according to the report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.” Zero-day attacks use software susceptibility that was not known previously prior to the developers get a chance to tackle it.

Of the 97 zero-day exploits monitored in 2023, 36 targeted enterprise-oriented technologies, like security software and hardware. The other 61, however, impacted end-user platforms and products, like mobile phones, operating systems, browsers, and other apps.

Corporate-specific technology was exploited by adversaries 64% more frequently than the year before, and Google reports that the number of corporate vendors attacked has increased overall since 2019. Zero-day vulnerabilities in third-party components and libraries were discovered to be a main attack surface in 2023, which led to the observation that attackers were moving to these areas in 2023.

75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023 were discovered to be the work of commercial surveillance vendors, which are businesses that create and market tools and software intended for monitoring and gathering intelligence, typically employed by governments. Additionally, it was discovered that 60% of the 37 zero-day browser and mobile device vulnerabilities that were exploited in 2023 were caused by CSVs.

The research asserts that Chinese cyber espionage groups exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022, and that China was the primary source of government-backed exploitation.

Another unexpected discovery in the report was that, in 2023, the amount of exploitation linked to financially motivated individuals reduced proportionately; only ten zero-day exploits were determined to be the result of such attackers last year. Three of them were traced back to threat group FIN11.

The report states, “Exploiting zero-days is no longer a niche capability. The proliferation of exploit technology makes this troubling threat available to more actors around the world.”

The research offers several suggestions to enhance their security posture, such as the necessity for businesses to develop defensive tactics that prioritize threats and for the industry to embrace transparency and disclosure. Establishing robust security frameworks is recommended for organizations, and software and product vendors should plan during the design phase for potential reactions if a zero-day exploit targeting their product is found in the wild.