Duncan Riley
2025-04-29 06:00:00
siliconangle.com
The Google Threat Intelligence Group today released its annual 2024 zero-day trends report, surprisingly finding that there was a reduction in zero-day threats exploited in the wild last year despite a long-term upward trend.
A zero-day threat is a type of cyberattack that targets a software vulnerability unknown to the maker of the software or product; because it’s unknown, no patch or fix is available at the time of exploitation. Attackers exploit undisclosed flaws to gain unauthorized access, steal data, or disrupt systems before defenses can be implemented.
Through 2024, Google’s researchers identified 75 zero-day vulnerabilities exploited in the wild, down from 98 in 2023 but up from 63 in 2022.
Attacks against browsers and mobile devices were found to have declined sharply. Conversely, attackers took a particular interest in enterprise-focused technologies, which became a larger target last year, accounting for 44% of all zero-day exploits. Security and networking appliances were also found to be particularly attractive to attackers, as these systems offer broad access to networks and often have weaker monitoring capabilities.
By operating system and with zero surprise, Microsoft Windows continued to be a popular target for attacks, with the number of exploited zero-day vulnerabilities rising to 22 in 2024. Google’s Chrome remained the most targeted browser and Android devices continued to suffer from vulnerabilities in third-party components, although overall mobile exploitation fell compared to the previous year.
As for how attacks were getting through, the report notes that use-after-free flaws, command injection bugs and cross-site scripting vulnerabilities were the most common. A use-after-free flaw is a vulnerability where a program continues to use memory after it has been freed, allowing attackers to execute malicious code or cause system crashes.
By origin, the report attributed more than half of the exploited zero-days to cyber espionage groups, including actors allegedly backed by China and North Korea. Commercial surveillance vendors are also noted in the report as being active players, although improvements in their operational security made attribution more challenging than it had been in previous years.
Non-espionage groups, such as financially motivated FIN11 and CIGAR, were also observed exploiting zero-days in campaigns aimed at extortion and espionage. Notably, for the first time, North Korean state-backed actors matched alleged Chinese groups in the number of zero-day exploits attributed to them, marking a significant escalation in their operational focus.
Google’s researchers concluded by warning that while vendor security efforts have made it harder to exploit certain technologies, zero-day exploitation is likely to continue rising gradually. The report urges vendors, particularly those providing enterprise software and networking devices, to strengthen their defenses through better coding practices, broader monitoring and architectural safeguards like network segmentation.