2022 witnessed a drop in exploited zero-days

2023-03-21 13:03

Malicious threat actors have actively exploited 55 zero-days in 2022 - down from 81 in 2021 - with Microsoft, Google, and Apple products being most targeted.

"While information disclosure vulnerabilities can often gain attention due to customer and user data being at risk of disclosure and misuse, the extent of attacker actions from these vulnerabilities is often limited. Alternatively, elevated privileges and code execution can lead to lateral movement across networks, causing effects beyond the initial access vector," the company's analysts noted.

Thirteen zero-day vulnerabilities were exploited by cyber espionage groups, with Chinese state-sponsored actors exploiting seven of those, and North Korean attackers two.

Although the exploitation of zero-day vulnerabilities by financially motivated threat actors decreased in 2022, Mandiant found that n-day vulnerability exploitation - which involves exploiting vulnerabilities that have already been patched - was still commonly used as an initial infection vector in ransomware and extortion incidents.

Windows was the OS most often targeted for exploitation, while macOS zero-days exploited in 2022 were only four.

Mark Lamb, CEO of HighGround.io, says that these findings aren't very surprising given that unpatched zero-days provide a guaranteed way for attackers to infiltrate organizations.

News URL

https://www.helpnetsecurity.com/2023/03/21/2022-exploited-zero-days/

#zeroday