Enterprise security products are a growing target for threat actors, with the number of exploited zero-day vulnerabilities increasing 19% since 2022, according to Google.
A report from the tech giant’s Google Threat Intelligence Group (GTIG) released today revealed that it tracked 75 zero-day vulnerabilities exploited in the wild in 2024.
Although that figure was down slightly from the previous year’s 98, it’s up from 63 zero-days recorded in 2022. In fact, it could be even higher, given that GTIG suspects commercial spyware vendors are “increasing their operational security practices, potentially leading to decreased attribution and detection.”
Overall, GTIG said the rate of zero-day exploitation is growing “at a slow but steady pace,” with enterprise products increasingly favored over end-user products like mobile devices, browsers and apps.
Read more on zero-days: Google Reports Major Spike in Zero-Day Vulnerabilities
In 2024, 44% (33 vulnerabilities) of tracked zero-days affected enterprise technologies, a bigger share than in any previous year, and up from 37% in 2023. By contrast, the share of zero-days in end-user products fell from 63% to 56% over the same time period.
In particular, GTIG is concerned about the targeting of security and networking products. Zero-days affecting these products accounted for over 60% of all zero-day exploitation of enterprise technologies in 2024, it said.
“Security and network tools and devices are designed to connect widespread systems and devices with high permissions required to manage the products and their services, making them highly valuable targets for threat actors seeking efficient access into enterprise networks,” the report noted.
“Endpoint detection and response (EDR) tools are not usually equipped to work on these products, limiting available capabilities to monitor them. Additionally, exploit chains are not generally required to exploit these systems, giving extensive power to individual vulnerabilities that can single-handedly achieve remote code execution or privilege escalation.”
Vendors Must Try Harder
While the number of enterprise products being exploited is roughly speaking on the rise, browser and mobile OS vendors are taking more effective steps to mitigate exploitation, the report claimed.
“We’re seeing zero-day exploitation shift towards the increased targeting of enterprise-focused products, which requires a wider and more diverse set of vendors to increase proactive security measures,” said GTIG senior analyst, Casey Charrier.
“The future of zero-day exploitation will ultimately be dictated by vendors’ decisions and ability to counter threat actors’ objectives and pursuits.”
Cyber-espionage remains by far the most common end goal in these attacks, with government-backed groups (29%) and customers of commercial surveillance vendors (24%), accounting for more than half of zero-day attacks in 2024.
Image credit: Sundry Photography / Shutterstock.com
