Google warns attackers are getting worryingly good at exploiting zero-days
Better detection tools have forced hackers to move faster
The exploitation of zero-day vulnerabilities, flaws abused before the developers built a fix, is growing faster than the exploitation of n-day vulnerabilities (those for which a patch is already available), according to a report from Google Mandiant’s cybersecurity researchers, who describe it as a “worrying trend”.
The researchers recently analyzed 138 exploited vulnerabilities that were disclosed in 2023, and concluded that 70% were abused as zero-days, while 30% were n-days.
In previous years, the ratio was closer to 60% for zero-days, and 40% for n-days, meaning the crooks are growing increasingly reliant on zero-day vulnerabilities.
Social engineering
“While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed,” the researchers explained.
Besides the increase in the numbers, the average time-to-exploit (TTE) has also decreased, suggesting that the attackers are exploiting these flaws faster than ever before. Two years ago, the average TTE was 32 days. Last year, it was merely five days, meaning the flaws are getting abused almost immediately.
But there is a silver lining to the research. Mandiant says organizations have gotten better at detecting zero-days, which also resulted in higher numbers in the report. It is quite possible that in previous years, a larger portion of these attacks went unnoticed. Companies have also gotten better at patching. They do it faster, and more frequently nowadays, forcing the hackers to move faster themselves. Hence the shorter TTE.
Looking into the future, Mandiant says the trend of zero-day exploitation is expected to grow, especially with improved detection tools. Zero-days are likely to remain a highly coveted approach for threat actors because they offer a critical window of attack before patches can be applied.
If this trend continues, Mandiant anticipates time-to-exploit will fall even further.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.