
55 Zero-Day Vulnerabilities Weaponized in 2022

On March 21, 2023, threat intelligence firm Mandiant reported that as many as 55 zero-day vulnerabilities were exploited in the wild in 2022. While this figure is a decrease from the year before, it still reflects a significant uptick in recent years in threat actors leveraging unknown security flaws to their advantage. The most exploited product types were desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (six). Of the 55 zero-day bugs, 13 were estimated to have been abused by cyber espionage groups, and four others were exploited by financially motivated threat actors for ransomware-related operations. China-nexus clusters have emerged as the most prolific, exploiting seven zero-days, while North Korean and Russian threat actors have been linked to the exploitation of two zero-days each. Microsoft’s Digital Threat Analysis Center has also warned of a possible renewed destructive campaign mounted by the nation-state group known as Sandworm (aka Iridium) on organizations located in Ukraine and elsewhere.

The rise in zero-day vulnerabilities exploited in the wild highlights the need for vigilance and proactive measures to protect against cyber attacks. Organizations should regularly assess their software and patch any identified flaws, and ensure that the necessary security protocols are in place. In addition, they should pay close attention to any suspicious activity and be aware of the tactics used by different threat actors.

Key Points:
• As many as 55 zero-day vulnerabilities were exploited in the wild in 2022.
• Desktop operating systems (19), web browsers (11), IT and network management products (10), and mobile operating systems (six) were the most exploited product types.
• China-nexus clusters were the most prolific exploiters, followed by North Korean and Russian threat actors, who were each linked to the exploitation of two zero-days.
• Microsoft’s Digital Threat Analysis Center has warned of a possible renewed destructive campaign mounted by Sandworm.
• Organizations should take proactive measures to protect against cyber attacks, including regularly assessing their software and patching any identified flaws.
