The number of actively abused zero-days has increased significantly in 2023 compared to 2022, according to Google’s Threat Analysis Group and security company Mandiant in a new report. In total, the organizations counted 97 exploited zero-day leaks, fifty percent more than in 2022.
61 of the found zero-days affected platforms and products for end users, the organizations wrote in the report. This concerns, for example, vulnerabilities in mobile devices, operating systems and browsers.
Most of these were found in Windows (17), where they mainly concern vulnerabilities that allow an attacker with access to a system to increase his privileges. Furthermore, many actively exploited zerodays were found in Safari (11), iOS (9), Android (9) and Chrome (8). A significant increase is also visible in Safari and Android. Eight more actively exploited zero-days were observed in Safari than in 2022. In Android, there were six more zero-days.
In addition to vulnerabilities in end-user products, 36 actively exploited zero-days were also observed in enterprise technologies, such as security software and enterprise devices. Google TAG and Mandiant emphasize that this is a significant increase compared to previous years. In 2019, only 11.8 percent of zero-days focused on enterprise technologies, while in 2023 it was 37.1 percent. According to the organizations, this reflects an ongoing shift in the types of products that are targeted for abuse.
TAG and Mandiant were able to establish a motive for 58 of the 97 zero-days. Only ten of zero-days, or 17.2 percent, are exploited by financially motivated attackers. That is slightly less than in 2022. 41.4 percent of zero-days were abused by attackers engaged in espionage. Furthermore, according to the report, China deploys the most zero-days, followed by Russia, North Korea and Belarus.
