Network and security vulnerabilities were linked to more than 60% of zero-day exploits targeting enterprise technologies in 2024, according to a recent report from the Google Threat Intelligence Group (GTIG).
GTIG tracked 75 zero-day vulnerabilities exploited in 2024, a decrease from the number identified in 2023 (98 vulnerabilities), but an increase from 2022 (63 vulnerabilities). The group shared its findings in the report Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis.
The report found that attacks on business technology continue to grow, largely due to the increase in the exploitation of networks and security products. Researchers also found that, for the first time, North Korean threat actors were responsible for the same number of zero-day exploits (five) as Chinese-backed groups.
According to Casey Charrier, senior analyst at GTIG: “Zero-day exploitation continues to grow at a slow but steady pace. However, we have also started to see vendors’ work to mitigate zero-day exploitation begin to pay off. For example, we have seen fewer instances of zero-day exploitation targeting products that have been historically popular, likely due to the efforts and resources that many large vendors have invested to prevent exploitation.”
“At the same time,” he adds, “we are seeing zero-day exploitation increasingly targeting enterprise-centric products, which requires a broader and more diverse set of vendors to increase proactive security measures. The future of zero-day exploitation will ultimately be dictated by the decisions of vendors and their ability to counter the goals and pursuits of threat actors.”
This article originally appeared on Computerworld Spain.
Source:: Network World