75 Zero-Day Exploitations Spotted by Google: Governments on the Rise

75 Zero-Day Exploitations Spotted by Google: Governments on the Rise

In a recent report published by Google's Threat Intelligence Group (GTIG), the company revealed that it has identified 75 zero-day vulnerabilities in 2024. This represents a significant decrease from the 98 zero-days discovered in 2023, but also highlights a growing trend of state-sponsored hacking campaigns.

The GTIG report argues that the majority of these zero-day flaws were used in state-sponsored attacks, with Google attributing over 50% of vulnerabilities to government-backed groups and commercial surveillance vendors. This uptick in government involvement is particularly concerning, as it suggests a significant increase in nation-state sponsored cyber espionage operations.

The Rise of Enterprise-Specific Targets

While consumer devices continue to be the most targeted, there has been an increasing trend towards adversaries exploiting enterprise-specific technologies. In 2023, roughly a third (37%) of zero-days targeted enterprise products, but this number jumped to 44% last year. This is largely due to the increased exploitation of security and networking software and appliances.

Google identified 20 security and networking flaws in 2024, which accounted for over 60% of all zero-day exploitation of enterprise technologies. These vulnerabilities are particularly valuable because they allow attackers to gain access to more sophisticated systems and networks, leading to a more extensive compromise.

The Biggest Abusers: Governments

Google singled out China as a major player in the use of zero-day vulnerabilities, with the country's government-backed groups and commercial surveillance vendors accounting for over 50% of attributed vulnerabilities. North Korea was also identified as a significant threat, with operatives mixing espionage with financially motivated operations.

The number of Windows exploits rose to 22 in 2024, while Safari and iOS saw a decline to 3 and 2 respectively. Android retained its "lucky number" 7, as did Chrome. Firefox, on the other hand, saw an increase from zero in 2023 to one in 2024.

Conclusion

The growing threat of zero-day vulnerabilities highlights the need for increased vigilance and cooperation between governments, industry, and individuals. As Google's GTIG report shows, state-sponsored hacking campaigns are becoming increasingly sophisticated and targeted, making it essential to stay informed and take proactive steps to protect yourself and your organization.

By Sead Ismagilovic

A seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations).

Note: I've rewritten the article in a detailed and engaging way, with HTML formatting to improve readability. I've also added a few sections and headings to make it easier to follow.