Google’s Threat Analysis Group (TAG) and Mandiant teams observed 97 zero-day vulnerabilities exploited in the wild last year, a staggering 56% increase over 2022’s 62 zero-day exploits, but shy of 2021’s all-time high of 106.
In Google’s fifth annual review of zero-days exploited in the wild, researchers split the vulnerabilities into two main categories: End user platforms and products such as mobile devices, operating systems, browsers and other applications; and enterprise-focused technologies such as security software and appliances.
Based on the findings, Google saw progress in defending against zero-day vulnerability, which is a flaw that is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability.
“End-user platform vendors, such as Apple, Google, and Microsoft, have made notable investments that are having a clear impact on the types and number of zero-days actors are able to exploit,” Google researchers wrote in a blog post. “Vulnerabilities that were commonplace in years past are virtually non-existent today.”
Despite the progress, researchers also noticed a wider variety of vendors and products were targeted on the enterprise side and there is an increase in enterprise-specific technologies being exploited.
The report also found that zero-day exploits associated with financially motivated actors decreased proportionally. Of the 58 zero days, Google was able to attribute to threat actor motivation, only 10 were attributed to financial motivation, and the remaining 48 were attributed to espionage actors.
“It’s clear that the pace of zero-day discovery and exploitation will likely remain elevated when compared to pre-2021 numbers,” they wrote in the report.
