Info@NationalCyberSecurity
Info@NationalCyberSecurity

Google: Zero-Day Attacks for Hacking Shot Up in 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Following a decline in 2022, Google saw an increase in hackers exploiting new zero-day vulnerabilities to attack software last year. 

In 2023, the company observed 97 unique zero-day vulnerabilities exploited in the wild, Google researchers say in a new report. That represents a more than 50% increase from the previous year, when only 67 new zero-day attacks were recorded. 

Still, Google says the tech industry continues to make progress in stopping zero-day attacks, or when a hacker discovers and exploits a previously unknown software flaw. Although high, 97 is still down from the record high of 106 new zero-day vulnerabilities exploited back in 2021.  

Google slide

(Credit: Google)

Zero-day attacks are scary because they’re often difficult to defend against until the software vendor becomes aware of the flaw. In response, Google has annually documented the use of known zero-day exploits to measure the tech industry’s efforts to address the threat. To provide a broader perspective, this year the company decided to combine its own findings with those from Mandiant, a cybersecurity vendor Google acquired in 2022. Hence, the numbers are higher than the company’s previous reports. 

Google attributes 2023’s increase in zero-day attacks to hackers exploiting a wider range of software. This includes finding flaws in third-party components and libraries, which can be used across multiple software products. The other trend involved hackers targeting enterprise software more, rather than mainstream consumer products. 

“We observed an increase in adversary exploitation of enterprise-specific technologies in 2023, with a 64% increase in the total number of vulnerabilities from the previous year and a general increase in the number of enterprise vendors targeted since at least 2019,” the company added. 

Google also says commercial spyware vendors and the Chinese government were allegedly significant users of zero-day exploits in 2023. “PRC (People’s Republic of China) cyber espionage groups exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022, more than we were able to attribute to any other state and continuing a trend we’ve observed for multiple years,” the company said. 

Google slide

(Credit: Google)

Meanwhile, commercial spyware vendors were behind over 13 of the 17 zero-day vulnerabilities affecting Google products last year. In addition, the vendors were also tied to 11 of the 20 flaws involving Apple’s iOS and Safari software.  

On the plus side, Google noticed financially motivated cybercriminals exploiting only 10 zero-day vulnerabilities, a drop from 2022. “At least four ransomware groups separately exploited another four zero-days,” the company noted. 

Recommended by Our Editors

In terms of software platforms, Microsoft’s Windows OS experienced the most exploited zero-day vulnerabilities at 17. At second was Apple’s Safari browser, which faced 11 zero-day flaws while Apple’s iOS was targeted with nine zero-day attacks. 

Google slide

(Credit: Google)

To stop the danger, Google said its efforts to secure the Chrome browser from memory-related “use after free vulnerabilities” has been paying off. In addition, the company credited Apple with rolling out Lockdown mode as an important measure to thwart hackers from exploiting iOS flaws against users who enable the function. 

Still, the search giant expects the volume of new zero-day exploits to increase, citing hackers investing more resources into finding fresh software flaws. “The wider proliferation of technology has made zero-day exploitation more likely as well: simply put, more technology offers more opportunity for exploitation,” the company added.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

var facebookPixelLoaded = false;
window.addEventListener(‘load’, function() {
document.addEventListener(‘scroll’, facebookPixelScript);
document.addEventListener(‘mousemove’, facebookPixelScript);
})

function facebookPixelScript() {
if (!facebookPixelLoaded) {
facebookPixelLoaded = true;
document.removeEventListener(‘scroll’, facebookPixelScript);
document.removeEventListener(‘mousemove’, facebookPixelScript);

! function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ?
n.callMethod.apply(n, arguments) : n.queue.push(arguments)
};
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s)
}(window,
document, ‘script’, ‘//connect.facebook.net/en_US/fbevents.js’);

fbq(‘init’, ‘454758778052139’);
fbq(‘track’, “PageView”);
}
}

——————————————————–


Click Here For The Original Story From This Source.

.........................

National Cyber Security

FREE
VIEW