A recent report by cybersecurity company Mandiant has revealed that hackers actively exploited 55 zero-day vulnerabilities in 2022, most of which targeted Microsoft, Google, and Apple products. Of the 55 vulnerabilities, 53 enabled the attacker to gain elevated privileges or perform remote code execution on vulnerable devices.
Zero-day vulnerabilities are security weaknesses in software products that are publicly disclosed or exploited before the vendor knows about them or has released a fix.
The report notes that these vulnerabilities are particularly valuable to attackers because exploitation is both easy and stealthy: there is no patch to apply, and no detection signatures or specific monitoring exist yet to recognize and stop the attacks.
Chinese state-sponsored actors accounted for more of last year's zero-day exploitation than any other single group, and most of the flaws concerned operating systems, web browsers, and network management products. Mandiant attributes 13 of the 55 zero-day flaws to cyber-espionage groups, while financially motivated threat actors are responsible for exploiting four zero-day vulnerabilities.
At least three zero-days were attributed to commercial spyware vendors, highlighting the continued problem of commercial surveillance tooling.
Despite the challenge of protecting systems from zero-day exploitation, organizations can take steps to mitigate the impact of such attacks.
These include not exposing internal devices or servers to the Internet unless strictly necessary and instead reaching them through private tunnels or VPNs, applying the principle of least privilege so that user and service accounts hold only the rights they need, segmenting the network to limit how far an attacker can move after an initial breach, and deploying network monitoring, firewalls, email and web filtering products, and endpoint security tools so that post-exploitation activity is detected even when the initial exploit is not.
Admins are advised to subscribe to product announcements or security bulletins from their vendors to stay on top of new updates as they are released.
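Subscribing to bulletins only helps if someone checks them against what the organization actually runs. The script below is an added example, not code from the article or from Mandiant: it cross-references an exploited-vulnerability feed in the shape of CISA's Known Exploited Vulnerabilities (KEV) JSON catalog (keys such as cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse) against a small asset inventory, and orders the hits so that Internet-exposed edge devices and entries with known ransomware use come first. The feed entries, CVE IDs (CVE-0000-000x) and hosts are constructed placeholders, not real vulnerabilities; the inventory field names are assumptions for this example.

```python
"""Match an exploited-vulnerability feed against an asset inventory.

Added example, not part of the article or the Mandiant report. The feed
below mimics the structure of CISA's KEV JSON catalog; its entries and
CVE IDs are constructed placeholders, not real vulnerabilities.
"""
import json
from datetime import date

# Constructed sample feed (KEV-shaped). CVE-0000-000x are placeholders.
FEED_JSON = """
{
  "title": "Constructed sample feed",
  "catalogVersion": "2023.03.21",
  "dateReleased": "2023-03-21T00:00:00.0000Z",
  "count": 3,
  "vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ExampleNet",
     "product": "EdgeGateway",
     "vulnerabilityName": "ExampleNet EdgeGateway Authentication Bypass",
     "dateAdded": "2023-03-10", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-03-31", "knownRansomwareCampaignUse": "Known",
     "notes": ""},
    {"cveID": "CVE-0000-0002", "vendorProject": "ExampleSoft",
     "product": "Browser",
     "vulnerabilityName": "ExampleSoft Browser Type Confusion",
     "dateAdded": "2023-03-17", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-04-14", "knownRansomwareCampaignUse": "Unknown",
     "notes": ""},
    {"cveID": "CVE-0000-0003", "vendorProject": "OtherCo",
     "product": "Mailer",
     "vulnerabilityName": "OtherCo Mailer Command Injection",
     "dateAdded": "2023-03-20", "shortDescription": "placeholder",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-04-01", "knownRansomwareCampaignUse": "Unknown",
     "notes": ""}
  ]
}
"""

# Constructed asset inventory; field names are assumptions for this example.
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "ExampleNet", "product": "EdgeGateway",
     "internet_exposed": True},
    {"host": "ws-042", "vendor": "ExampleSoft", "product": "Browser",
     "internet_exposed": False},
    {"host": "db-01", "vendor": "ExampleDB", "product": "Server",
     "internet_exposed": False},
]


def load_feed(text):
    """Parse a KEV-shaped JSON document and return its vulnerability list."""
    return json.loads(text)["vulnerabilities"]


def _norm(value):
    """Case- and whitespace-insensitive key for vendor/product matching."""
    return value.strip().casefold()


def match_inventory(feed, inventory, today):
    """Return feed entries that name a vendor/product present in the inventory.

    KEV entries carry no version ranges, so a hit means "confirm the patch
    level on this host", not "this host is vulnerable". Results are sorted
    most urgent first: Internet-exposed assets, then entries with known
    ransomware use, then the earliest remediation due date.
    """
    findings = []
    for asset in inventory:
        for vuln in feed:
            if (_norm(vuln["vendorProject"]) != _norm(asset["vendor"])
                    or _norm(vuln["product"]) != _norm(asset["product"])):
                continue
            due = date.fromisoformat(vuln["dueDate"])
            days_left = (due - today).days
            ransomware = vuln.get("knownRansomwareCampaignUse") == "Known"
            findings.append({
                "host": asset["host"],
                "cveID": vuln["cveID"],
                "name": vuln["vulnerabilityName"],
                "internet_exposed": asset["internet_exposed"],
                "ransomware_use": ransomware,
                "days_until_due": days_left,
                "overdue": days_left < 0,
                # Lower tuple sorts first: exposed, ransomware, soonest due.
                "priority": (0 if asset["internet_exposed"] else 1,
                             0 if ransomware else 1,
                             days_left),
            })
    findings.sort(key=lambda f: f["priority"])
    return findings


if __name__ == "__main__":
    for f in match_inventory(load_feed(FEED_JSON), INVENTORY, date(2023, 3, 21)):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_until_due']}d left"
        print(f"{f['host']:<12} {f['cveID']:<14} {flag:<10} {f['name']}")
```

In practice the feed would be fetched from the vendor or CISA on a schedule and the inventory pulled from a CMDB or endpoint agent; the matching and prioritization logic stays the same. The ordering reflects the report's observations: edge infrastructure that faces the Internet is what espionage groups prefer, and ransomware use raises the cost of delay.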
Mandiant expects the upward trend in zero-day exploitation to continue in 2023, although the ongoing migration to cloud services may reduce the number of publicly disclosed zero-day flaws, since cloud providers patch their own infrastructure server-side and follow a different approach to security reporting than on-premises software vendors.
Mandiant also notes that cyber-espionage groups have preferred targeting “edge infrastructure” products as those usually lack detection solutions and are less likely to raise alarms, and that financially motivated threat actors are increasingly using ransomware as a tactic.