Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors

Google has published a new report that speaks about the significant rise in zero-day vulnerabilities that continue to be exploited in attacks from 2023.

Both its Threat Analysis Group, as well as the company’s subsidiary firm Mandiant, mentioned how the figures continue to grow as we speak and a lot of that has to do with spyware vendors.

The figures reached 97 zero-days and that stood for more than a 50% rise when you compare it to the past which was just 62. But despite such an increase, the numbers are still much lower than the rise of 106 seen back in the year 2021.

Both entities collectively witnessed 29 out of the 97 vulnerabilities. They even spoke about 61 impacted end users who made use of Google’s products and services such as mobile phones, browsers, and social media apps.

Furthermore, the rest of them were utilized to attack tech like security software and a host of other leading devices in this regard. As far as the enterprise side is concerned, there’s a mega array of vendors as well as products under target and we’re seeing more specific tech getting impacted as a result of this.

Let’s not forget how they’ve seen that as the years pass by, the faster they’re discovering the patch featuring bugs from attackers and this means shorter lifespans arising due to the exploit in question.

In 2023, plenty of threat actors made use of zero-day vulnerabilities that went up to Figure 10. And interestingly, it was China that was highlighted as being behind most of the attacks that had support from the government. Some of those entailed espionage groups from the country which was a trend moving upward.

In 2023, it was all thanks to commercial surveillance that seemed to be the culprit of these attacks that kept on targeting both Android as well as Google devices.

They include up to 75% of all those zero-day exploitations that kept on hitting the platforms. In addition to that, there were vendors

Other than that, most of the 37 zero-day vulnerabilities found on browsers as well as devices that were exploited in 2023 had Google linking close to 60% of all CSVs that keep on selling spyware to clients in the government.

Way back in February, Google revealed how so many of those zero-day vulnerabilities found by the TAG group ended up getting traced to makers in charge of mercenary spyware.

Google has outlined a host of spyware vendors in its report on the matter.

So what is the solution in terms of showing protection against these types of attacks? Well, to begin with, the search engine giant has added advice to activate memory tagging extensions for those deemed high-risk. They can use extensions that enable memory tagging across the Pixel 8 devices as well as making use of Lockdown modes for iPhones.

Similarly, the firm feels that users deemed high risk on its Chrome must toggle features like HTTPS-First Mode. This would then disable the likes of v8 Optimizers so that all potential security risks are eliminated there and then attackers cannot manipulate user information or add any kind of malicious codes either.

In addition to that, the company has rolled out suggestions for high-risk individuals to get enrolled in the Advanced Protection Program which gives more account security and a host of built-in series of defenses. This would protect against many attackers backed up by the state.

Read next: EU Court Orders Amazon to Create Public Ad Library, Complying with Digital Services Act for Transparency
Previous Post Next Post