75 zero-day exploitations spotted by Google, governments increasingly responsible for attacks
- Google observed 75 zero-day bugs last year
- Most were used by state-sponsored actors
- Countries like China and North Korea were specifically mentioned
In 2024, Google’s Threat Intelligence Group (GTIG) discovered 75 zero-day vulnerabilities, and argued that the majority were used in state-sponsored hacking campaigns. The company made these claims in “Hello zero-day my old friend, a 2024 exploitation analysis” paper published recently.
In the report, Google says that the number of zero-day flaws dropped compared to 2023 (from 98 to 75). However, the four-year trend is that the rate of zero-day exploitation “continues to grow at a slow but steady pace.”
While consumer devices continue to be the most attacked targets, there is an increase in adversaries exploiting enterprise-specific technologies. In 2023, roughly a third (37%) of zero-days targeted enterprise products, jumping to 44% last year. This, Google says, is primarily fueled by the increased exploitation of security and networking software and appliances.
Governments at it again
In fact, zero-day vulnerabilities in security software and appliances were a high-value target in 2024. Google says it identified 20 security and networking flaws, which was over 60% of all zero-day exploitation of enterprise technologies. Since the exploitation of these products results in a more efficient and extensive system and network compromise, Google expects threat actors’ focus on these technologies to continue growing.
The biggest abusers of zero-day vulnerabilities are the governments, Google says. “Between government-backed groups and customers of commercial surveillance vendors, actors conducting cyber espionage operations accounted for over 50% of the vulnerabilities we could attribute in 2024,” the report says.
Google singled out China as a major player in this regard, but also mentioned North Korea, whose operatives mixed espionage with financially motivated operations.
The number of Windows exploits rose to 22 (from 16 the year before), while on Safari and iOS it fell (from 11 and 9 to 3 and 2). Android retained its “lucky number” 7, as did Chrome. Firefox was up from zero in 2023 to one in 2024.
Via Ars Technica
You might also like
Google observed 75 zero-day bugs last year Most were used by state-sponsored actors Countries like China and North Korea were specifically mentioned In 2024, Google’s Threat Intelligence Group (GTIG) discovered 75 zero-day vulnerabilities, and argued that the majority were used in state-sponsored hacking campaigns. The company made these claims in…
