March 27, 2024 at 10:10AM
Google’s Threat Analysis Group and Mandiant reported a notable increase in zero-day vulnerabilities exploited in 2023, with 97 instances, mostly linked to spyware vendors and their clients. Enterprise and end-user platforms were targeted, with an increase in government-backed attacks and commercial surveillance vendors responsible for half of the exploits. Google recommended defense strategies for high-risk users and the recent U.S. sanctions against spyware operators.
Key Takeaways from Meeting Notes:
– There has been a significant increase in zero-day vulnerabilities exploited in attacks in 2023, with a total of 97 vulnerabilities exploited, representing a surge of over 50% compared to the previous year.
– Mandiant and TAG collectively discovered 29 instances out of 97 vulnerabilities, with 61 affecting end-user platforms and products, and the remaining 36 targeting enterprise-focused technologies.
– Financially motivated actors used ten zero-day vulnerabilities last year, with the FIN11 threat group exploiting three separate zero-day vulnerabilities.
– Chinese cyber espionage groups have been linked to the most government-backed attacks, exploiting 12 zero-day vulnerabilities in 2023.
– Commercial surveillance vendors (CSVs) were behind most zero-day exploits targeting Google products and Android ecosystem devices, responsible for 75% of known zero-day exploits targeting these platforms.
– Google advised high-risk users to enable specific security features and enroll in the Advanced Protection Program (APP) for enhanced account security and built-in defenses against state-backed attackers.
– The Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned multiple spyware operators, and the U.S. State Department announced a new visa restriction policy targeting individuals linked to commercial spyware, prohibiting them from entering the United States.