44% of Zero-Day Exploits in 2024 Targeted Enterprise Solutions

In the realm of cybersecurity, the findings for 2024 indicate a troubling trend with the exploitation of 75 zero-day vulnerabilities. These vulnerabilities, which are unknown to software vendors and thus lack immediate patches, were harnessed by threat actors for a variety of attacks throughout the year. The analysis from the Google Threat Intelligence Group (GTIG) highlights that 44% of these vulnerabilities, totaling 33, targeted enterprise solutions—an increase from 37% in 2023.

In their report, GTIG researchers noted a significant focus on security software and appliances, which were deemed high-value targets this year. A staggering 20 vulnerabilities associated with security and networking technologies accounted for over 60% of all zero-day exploitations in enterprise environments. This trend signals a growing recognition among adversaries of the potential for extensive system and network compromises that such exploitation can achieve.

The stark reality is that while end-user technologies like browsers and mobile devices saw a decrease in zero-day exploits, enterprise-focused technologies faced a barrage of attacks. From 2023 to 2024, the exploitation of browser vulnerabilities plummeted from 17 to 11, while the targeting of mobile devices dropped from 17 to just 9. Interestingly, though, exploit chains (combinations of multiple zero-days) were predominantly aimed at mobile users.

Among the interesting developments in the analysis, researchers noted a marked decline in the exploitation of vulnerabilities associated with Apple’s Safari browser and the iOS mobile operating system. For enterprises, attackers targeted vulnerabilities in products from 18 unique vendors out of a total of 20. In this scenario, big tech companies dominated the list, with Microsoft leading at 26 exploits, followed by Google with 11. Apple took a step back, landing in fourth place with merely five detected zero-day exploitations. Ivanti also featured prominently, with seven of its vulnerabilities targeted, signaling an increased focus from attackers on networking and security products.

The rise of Ivanti on the list may be partially attributed to the increased exploitation of security and network technologies by threat actors, particularly those with ties to the People’s Republic of China. The GTIG researchers highlighted that security and network tools, which often manage widespread systems with high permission requirements, are especially valuable targets for attackers. The efficiency of these products also facilitates smoother unauthorized access into enterprise networks.

Moreover, endpoint detection and response (EDR) tools might not be ideally equipped to monitor these susceptible products, which widens the gap open to exploitation. This creates a scenario where a single vulnerability can lead to significant consequences, including remote code execution and privilege escalation.

State-sponsored hackers have primarily directed their focus toward zero-day vulnerabilities in firewalls, VPNs, and security appliances. In contrast, financially motivated groups have zeroed in on vulnerable managed file transfer products, such as those developed by Cleo. The trend of commercial spyware vendors employing zero-days also persisted, with multiple exploit chains identified that required physical access to devices.

The most troubling aspect of the findings is that the vulnerability types prevalent in 2024 included use-after-free, command injection, and cross-site scripting. These vulnerabilities are preventable by enhancing coding practices through regular code reviews, refactoring outdated codebases, and ensuring the use of up-to-date, trusted libraries. The report encouraged vulnerable vendors and those in the enterprise sector to strengthen their security protocols, protect their systems, and address gaps in configurations that could lead to exploitation.

The researchers also emphasized a concerning pattern: the same vulnerabilities repeatedly come to light, allowing attackers to home in on predictable weaknesses. This continuity suggests a troubling ease with which threat actors can exploit established issues, indicating a pressing need for improved measures in cybersecurity practices to mitigate future risks effectively.

As the cybersecurity landscape continues to evolve, it will be essential for both users and vendors to acknowledge the persistent threats posed by zero-day vulnerabilities and take proactive measures to safeguard their systems. The GTIG report serves as both a wake-up call and a guide, underscoring the need for heightened vigilance and robust security measures in an increasingly perilous digital environment.
