Friday, March 1, 2024

41 Zero-days Exploited In-the-Wild in 2022 – Google Report

In 2022, the detection of zero-day exploits in the wild decreased by 40% compared to the previous year. 

41 in-the-wild 0-days were detected, the second-highest count since 2014, but lower than the 69 found in 2021.

While a 40% drop appears as a security win but, the reality is more complicated than it seems. Despite the drop, 41 zero days in the wild is significant, and declining numbers don’t necessarily indicate improved product security or better detection by defenders.

41 Zero-days Detected

Google’s 2020 finding of 25% exploited zero-days linked to disclosed vulnerabilities increased to over 40% in 2022, with 17 of 41 zero-days connected. Over 20% were variants of previous zero-days, seven from 2021 and one from 2020.

Detection (Source – Google)

In 2022, 18 organizations were credited across the 41 in-the-wild 0-days, highlighting the importance of a large workforce tackling this problem.

Analyzing 2022 0-days, Google researchers anticipate industry focus in the following areas:-

  • Enhance patching to promptly address variants and n-days posing as 0-days.
  • Platforms adopt browser-like mitigations to reduce the exploitability of entire vulnerability classes.
  • Make sure to increase transparency and collaboration between vendors and defenders to detect exploit chains across multiple products.

The 0-days detected and disclosed in the wild serve as one of many indicators for security experts, who attribute the 40% drop from 2021 to 2022 to a mix of improvements and regressions, leading to a higher-than-average count in 2022.

Gaps between upstream vendors and downstream manufacturers enable n-days to act as 0-days due to the lack of available patches, leaving users with limited defenses. Android experiences more prevalent and extended gaps in such associations.

Zero-Days Platforms (Source – Google)

Alongside the general decrease in detected zero-days, browser zero-days reduced by 42% in 2022, possibly due to increased exploit mitigations by manufacturers and attackers shifting focus to other areas.

In 2022, attackers also favored zero-click exploits, targeting non-browser components like iMessage.

Zero-Days Browsers (Source – Google)

One-click exploits require a visible link that targets must click, potentially detectable by security tools, with the exploits hosted on a server at that link that is navigable.

In the second half of 2023, their 0-days in-the-wild program moves from Project Zero to TAG, combining vulnerability analysis, detection, and threat actor tracking expertise in one team – introducing TAG Exploits.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.


Latest articles

Golden Corral restaurant chain Hacked: 180,000+ Users’ Data Stolen

The Golden Corral Corporation, a popular American restaurant chain, has suffered a significant data...

CISA Warns Of Hackers Exploiting Multiple Flaws In Ivanti VPN

Threat actors target and abuse VPN flaws because VPNs are often used to secure...

BEAST AI Jailbreak Language Models Within 1 Minute With High Accuracy

Malicious hackers sometimes jailbreak language models (LMs) to exploit bugs in the systems so...

Hackers Hijack Anycubic 3D Printers to Display Warning Messages

Anycubic 3D printer owners have been caught off guard by a series of unauthorized...

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

Stellar Cyber, the innovator of Open XDR, today announced that RSM US – the leading provider...

Biden Crack Down Sale of Americans’ Personal Data to China & Russia

To safeguard the privacy and security of American citizens, President Joe Biden has issued...

Kali Linux 2024.1 Released – What’s New

Kali Linux recently released version 2024.1, the first release of the year 2024, with...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles