In a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022.
These vulnerabilities, defined as flaws exploited before a patch becomes publicly available, underscore a persistent and evolving threat landscape.
GTIG’s analysis, blending original research with breach investigations and credible open-source data, highlights a notable shift in attacker focus from end-user platforms to enterprise-specific technologies, reflecting strategic changes in threat actor priorities.
While the overall trend of zero-day exploitation shows a slow but steady rise over the past four years, the growing targeting of enterprise products signals a need for broader vendor vigilance and enhanced security measures across diverse ecosystems.
Espionage Actors and Enterprise Exploits Dominate
Delving into the specifics, GTIG noted that 44% of these 2024 zero-days (33 vulnerabilities) targeted enterprise technologies, up from 37% in 2023, with a significant emphasis on security and networking software and appliances.
These products, including Ivanti Cloud Services Appliance and Palo Alto Networks PAN-OS, accounted for 20 of the enterprise-focused exploits, offering attackers efficient pathways to extensive system compromises due to high permissions and limited endpoint detection capabilities.
In contrast, exploitation of end-user platforms like browsers and mobile devices dropped, with browser zero-days falling from 17 to 11 and mobile from 17 to 9 compared to 2023, largely due to vendor-driven exploit mitigations.
However, desktop operating systems, particularly Microsoft Windows, saw an uptick to 22 zero-days from 16 in 2023, reinforcing their status as prime targets given their ubiquitous use in personal and professional settings.
Among vendors, Microsoft led with 26 exploited zero-days, followed by Google with 11, while Ivanti’s ranking at third with seven reflects the intensified focus on security products.
On the attribution front, espionage actors, including nation-state groups and commercial surveillance vendors (CSVs), drove over 50% of the identified exploits, with China-backed groups and North Korean actors each tied at five zero-days, the latter marking a significant rise in capability.
Notably, North Korean groups mixed espionage with financially motivated attacks, exploiting flaws in Chrome and Windows to bypass security tools.
CSVs, despite a slight dip in attributed exploits, continued to expand access to zero-day capabilities, often via chains requiring physical device access.
Additionally, non-state financially motivated groups like FIN11 exploited zero-days in file transfer products, showcasing persistent expertise in niche targets.
GTIG’s report also spotlighted specific campaigns, such as a WebKit exploit chain targeting macOS users to steal cookies and a Firefox exploit by the CIGAR group for both financial and espionage gains.
Looking ahead, GTIG warns of the sustained allure of zero-days for stealth and persistence, urging vendors, especially those in enterprise sectors, to adopt rigorous coding practices, zero-trust architectures, and continuous monitoring to counter evolving threats and prevent exploitation of critical system vulnerabilities.