Skip to content
Information Technology

Google and Mandiant reveal rise in Zero-Day vulnerabilities exploited in 2023

Mandiant 2 mins read

Google's Threat Analysis Group (TAG) and Mandiant, renowned leaders in cybersecurity research, have released their annual report on zero-day vulnerabilities, highlighting a significant surge in exploitation incidents witnessed in 2023. The report, available here, unveils crucial insights into the evolving landscape of cyber threats and underscores the urgent need for enhanced vigilance and collaborative efforts across the industry.

According to the findings, 97 zero-day vulnerabilities were observed exploited in-the-wild throughout 2023, marking a notable escalation from the previous year's figure of 62 vulnerabilities. While this increase is substantial, it falls short of the record high of 106 vulnerabilities recorded in 2021, providing a nuanced perspective on the evolving threat landscape.

Key contributors to the discovery of these vulnerabilities include Google's TAG and Mandiant, who collectively identified 29 of the exploited zero-day vulnerabilities. Their relentless dedication to uncovering emerging threats has been instrumental in fortifying cyber defences worldwide.

The vulnerabilities were categorised into two primary domains: end-user platforms and products, encompassing mobile devices, operating systems, browsers, and other applications, and enterprise-focused technologies, including security software and appliances. Notably, the report emphasises that despite notable strides in addressing vulnerabilities, the pace of zero-day discovery and exploitation remains elevated compared to pre-2021 levels.

Further analysis reveals compelling insights into threat actor motivations, with espionage actors accounting for the majority of exploits. Of the 58 zero-days attributed to threat actors' motivations, 48 were linked to espionage activities, while financially motivated actors accounted for the remaining 10.

The report sheds light on the prominent role of the People's Republic of China (PRC) in government-backed exploitation, with PRC cyber espionage groups exploiting 12 zero-day vulnerabilities in 2023, a significant increase from seven incidents in 2022.

End-user platforms and products bore the brunt of zero-day exploits, with 61 vulnerabilities affecting these systems, underscoring the critical need for fortified defences in consumer-facing technologies. Conversely, enterprise-focused technologies witnessed a surge in targeting, with a 64 percent increase observed in adversary exploitation compared to the previous year.

A notable shift was observed in the nature of vulnerabilities, with a higher prevalence of bugs detected in third-party components and libraries as opposed to first-party code. Additionally, the report highlights disparities between operating systems, with Android and iOS witnessing increased targeting, and web browsers such as Chrome and Safari facing a substantial number of zero-day exploits.

While acknowledging the progress made by end-user platform vendors such as Apple, Google, and Microsoft in mitigating vulnerabilities, the report underscores the necessity for sustained collaborative efforts to confront emerging cyber threats effectively.



More from this category

  • Information Technology, Medical Health Aged Care
  • 17/04/2024
  • 09:43
April 17, 2024

A healthy dose of caution required for Virtual Reality

Optometrists are advising caution amidst the recent launch of a range of new Virtual Reality (VR) and Augmented Reality (AR) headsets into the market and forecasts that suggest the number of Australians using the technology could more than double to 3.3 million (12%) by 2027. The warning on potential negative effects on users’ eyesight also comes at a time when new data from The Bupa Pulse Check revealed that 34 per cent of Aussies say technology is having a negative effect on their mental health, this includes 53 per cent of those aged 18-29. Bupa Optical Optometrist Karen Makin said…

  • Information Technology
  • 17/04/2024
  • 05:37
Novarc Technologies Inc.

NOVARC TECHNOLOGIES’ SPOOL WELDING ROBOT ON DEMONSTRATION AT AUSTRALIAN MANUFACTURING WEEK

SWR™ and the SWR™+ HyperFill® Allow Pipe Fabrication Shops to Achieve Higher Productivity, Superior Quality Welds & Improve Welder ErgonomicsVANCOUVER, CANADA, April 16, 2024 (GLOBE NEWSWIRE) --  Novarc Technologies Inc., a full-stack robotics company, specializing in the design and manufacturing of cobots and computer vision AI for automated welding applications, announced today the company will be demonstrating their Spool Welding Robot (SWR™) and the SWR+HyperFill®at Australian Manufacturing Week (AMW) April 17-19 in Sydney, AUS.Novarc’s welding automation technology has revolutionized manufacturing processes and is a productivity game changer for pipe fabrication shops serving sectors such as the oil & gas, mining,…

  • Information Technology, Medical Health Aged Care
  • 16/04/2024
  • 11:53
Australian-made PatientNotes saves 1000s of healthcare professionals hours every month

Say Goodbye to Doctor’s Scribbles: The iOS App That’s Clearing Up Medical Notes with AI

Deciphering doctor’s handwriting is like cracking an ancient code but that changes today with PatientNotes, the AI-driven platform that’s already transforming clinical documentation, launching an iOS app that promises to make illegible notes a thing of the past. “There’s got to be an app for that…AI!” This isn't just any app launch; it's a big deal for anyone bogged down by clinical documentation. That’s pretty much every health professional out there. “Let's face it, paperwork is the worst—especially when you're a healthcare professional trying to juggle ten things at once. PatientNotes is here to take the hassle out of your…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.