Dive Brief:
- Zero-days composed the majority of vulnerabilities Mandiant tracked as exploited in the wild last year, the threat intelligence and incident response firm said in a Wednesday blog post.
- Of the 138 actively exploited vulnerabilities disclosed in 2023 and later analyzed by Mandiant, 97, or 70%, were exploited as zero-days, researchers said. Zero-days, software defects that were exploited before vendors released patches, accounted for 62% of actively exploited vulnerabilities tracked by Mandiant in 2021 and 2022.
- “We continue to see zero-day exploitation rise over time,” Casey Charrier, co-author of the research and Mandiant senior analyst at Google Cloud, said via email. “A critical question to consider is if you’re prepared for the next discovered vulnerabilities to be exploited before you know they exist.”
Dive Insight:
Attackers continued to primarily search for vulnerabilities in the most widely used platforms from Microsoft, Apple and Google, but Mandiant also observed growth in the number and variety of exploited vulnerabilities by vendor.
Two in five actively exploited vulnerabilities tracked by Mandiant were linked to Microsoft, Apple and Google products in 2023. The trio of tech giants accounted for just under half of the actively exploited vulnerabilities tracked by Mandiant in 2021 and 2022.
Mandiant said vulnerabilities in 56 vendors were targeted for exploitation in 2023, compared to 44 vendors in 2022.
“As more vendors are targeted for exploitation, defenders can expect less predictability around what products will be exploited,” Charrier said. “While some products remain ubiquitous, a continued increase in available tools, systems, and platforms expands points of entry into and pivot points around targeted environments.”
The use of memory-unsafe code remains a major factor in zero-day exploits. In a separate blog post this week, Google said it estimates 3 in 4 zero-day exploits are linked to memory-safety vulnerabilities.
“Continued use of zero-day vulnerabilities will allow attackers to remain steps ahead of defenders,” Charrier said.
“Defenders are hindered by the nature of zero-day vulnerabilities as well as the inconveniences of patching,” Charrier said. “It’s difficult to narrow the gap when the ever-growing existence of technologies expands attack surfaces which only provide more room for exploitation.”