2023 sees 50% spike in zero-day exploits, fueled by spyware vendors
The surge was driven by sophisticated cybercriminal tactics and espionage motivations, and cybersecurity experts caution against the rising threat posed by nation-state hackers, financially-motivated actors, and the exploitation of enterprise-specific technologies by commercial surveillance vendors
Cybersecurity experts are warning about the alarming rise of zero-day exploits, marking a 50% increase in incidents throughout 2023 compared to the previous year. These exploits are increasingly being leveraged by nation state hackers and cybercriminals employing more sophisticated attack strategies.
According to researchers from Google, a total of 97 zero-day exploits were observed in the wild in 2023, compared to 62 in 2022. Among these exploits, researchers were able to attribute the motivations behind 58 instances, with espionage actors accounting for 48 and financially motivated hackers for the remaining 10.
Of particular note were the activities of various hacking groups. FIN11, notorious for its involvement in the 2021 Accellion File Transfer Appliance breach, exploited three zero-days, while four ransomware gangs separately utilized another four.
Attributions also revealed that Beijing-linked hackers, primarily focused on espionage, were responsible for 12 zero-days, indicating a significant increase from the previous year’s count of seven. These hackers extensively targeted entities such as Barracuda’s Email Security Gateway, Ministries of Foreign Affairs in ASEAN member nations, foreign trade offices and academic research organizations in Taiwan and Hong Kong.
Moreover, a concerning trend emerged in exploiting enterprise-specific technologies, particularly security software and appliances. Commercial surveillance vendors (CSVs) were identified as key players in exploiting browser and mobile device vulnerabilities, with 75% of known zero-day exploits targeting Google products and the Android ecosystem attributed to them.
Maddie Stone, a researcher with TAG, highlighted the alarming dominance of CSVs in exploiting zero-day vulnerabilities, emphasizing the urgent need for global norms to regulate this industry.
Additionally, Google emphasized the proliferation of intra-browser attacks, citing instances where vulnerabilities in third-party components affected multiple browsers. This trend underscores the evolving landscape of cyber threats, with hackers increasingly targeting shared components to maximize the impact of their exploits.
Despite these challenges, the report also highlights promising developments in vendor mitigations, which have demonstrated effectiveness in thwarting exploit chains used in the wild. These advancements underscore the critical role of proactive security measures in mitigating the risks posed by zero-day exploits and bolstering overall cyber resilience.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.