Google has revealed that 75 zero-days were exploited in the wild in 2024, down from 98 in 2023.
Of the 75 zero-days, 44% targeted enterprise products. Twenty flaws were identified in security software and appliances.
“Zero-day exploitation of browsers and mobile devices decreased dramatically, falling by approximately a third for browsers and by half for mobile devices compared to what we observed last year,” the Google Threat Intelligence Group (GTIG) said in a report shared with Hacker News.
“Exploit chains consisting of multiple zero-day vulnerabilities still remain almost exclusively (~90%) used to target mobile devices.”
While Microsoft Windows accounted for 22 of the zero-day flaws exploited in 2024, Apple's Safari had three in iOS, Android had seven, Chrome had seven, and Mozilla Firefox had a single flaw. Three of the seven zero-days exploited in Android were found in other components.
Of the 33 zero-days exploited in enterprise software and appliances, 20 targeted security and network products, such as those from Ivanti, Palo Alto Networks and Cisco.
“Security and network tools and devices are designed to connect widespread systems and devices with the high permissions required to manage the products and their services, making them very valuable targets for threat actors seeking effective access to enterprises,” GTIG researchers said.
A total of 18 unique enterprise vendors were targeted in 2024, compared to 12 in 2021, 17 in 2022 and 22 in 2023. The companies with the most targeted zero-days were Microsoft (26), Google (11), Ivanti (7) and Apple (5).
Moreover, the zero-day exploitation of 34 of the 75 flaws has been attributed to six broad threat activity clusters:
- State-sponsored espionage (10), led by China (5), Russia (1) and South Korea (1) (e.g., CVE-2023-46805, CVE-2024-2187)
- Commercial surveillance vendors (8) (e.g., CVE-2024-53104, CVE-2024-32896, CVE-2024-29745, CVE-2024-29748)
- Non-state financially motivated groups (5) (e.g., CVE-2024-55956)
- State-sponsored espionage and financially motivated groups (5), all from North Korea (e.g., CVE-2024-2138, CVE-2024-38178)
- Non-state financially motivated groups also conducting espionage (2), all from Russia (e.g., CVE-2024-9680, CVE-2024-49039)
Google said that in November 2024 it discovered a malicious JavaScript injection on the website of the Diplomatic Academy of Ukraine (online.da.mfa.gov[.]ua) that triggered an exploit for CVE-2024-44308, leading to arbitrary code execution.
This was then chained with CVE-2024-44309, a cookie vulnerability in WebKit, to launch a cross-site scripting (XSS) attack and ultimately collect users' cookies in order to gain unauthorized access to login.microsoftonline[.]com.
The tech giant further noted that it independently discovered an exploit chain for the Firefox and Tor browsers that combined CVE-2024-9680 and CVE-2024-49039 to escape the Firefox sandbox and execute malicious code with elevated privileges, thus paving the way for the follow-on activity.
The activity, previously reported by ESET, has been attributed to a threat actor called RomCom (aka Storm-0978, Tropical Scorpius, UAC-0180, UNC2596 and Void Rabisu). Google tracks the dual financially and espionage-motivated threat group under the name CIGAR.
Both flaws are said to have also been abused as zero-days by another, likely financially motivated, hacking crew that used a legitimate, compromised news website as a watering hole to redirect visitors to a domain controlled by the operators of the exploit chain.
“Zero-day exploitation continues to grow at a slow but steady pace. However, we have also started seeing vendors' work to mitigate zero-day exploitation start to pay off,” said Casey Charrier, GTIG Senior Analyst, in a statement shared with Hacker News.
“For example, we have observed fewer cases of zero-day exploitation targeting products that were historically popular, probably because of the efforts and resources that many major vendors have invested to prevent exploitation.”
“At the same time, we are seeing zero-day exploitation move toward increased targeting of enterprise-focused products, which requires a broader and more diverse set of vendors to increase proactive security measures. The future of zero-day exploitation will ultimately be dictated by solutions.