With threat actors taking just 60 seconds to move you from being attacked to hacked, Gmail responding to close down exploit loopholes and shady initial access brokers such as the ToyMaker looking for new flaws to use, the last thing you probably want to read is how Google has tracked 75 zero-day vulnerabilities exploited in the wild. Here’s what you need to know.
Google Threat Intelligence Group Report Details 2024 Zero-Day Activity
The truth of the matter is that both Google and Microsoft have good track records when it comes to finding and fixing security vulnerabilities. The majority of these bugs and holes never find their way into the public sphere before a patch has been issued, thanks in no small part to the bug bounty programs operated by the tech giants. In 2024 alone, Google paid an impressive $11.8 million in such rewards, and Microsoft topped even that with $16.6 million paid. It’s not just bounty-hunting hackers that help in the fight against vulnerabilities, however, and Google has a threat intelligence unit dedicated to uncovering and tracking them.
An April 29 report, authored by Google’s Casey Charrier, James Sadowski, Clement Lecigne and Vlad Stolyarov, has revealed the extent of the work done, as it relates to zero-day vulnerabilities at least, across 2024.
The headline numbers are enough to make everyone take security seriously: 75 zero-day vulnerabilities exploited in the wild and targeting smartphones, operating systems, browsers and security software. Perhaps of even more concern is that 50% of these could be linked to attacks concerning spyware.
Zero-Day Attacks Will Continue To Rise According To Google
The Google threat intelligence analysts were not surprised by the numbers revealed during the course of 2024, given that zero-day vulnerabilities present threat actors with unrivaled attack opportunities as far as stealth, persistence, and detection evasion are concerned. “While we observed trends regarding improved vendor security posture and decreasing numbers around certain historically popular products, particularly mobile and browsers,” the report stated, “we anticipate that zero-day exploitation will continue to rise steadily.” The report’s authors said that smartphones and browsers “will almost certainly remain popular targets.”
Source: Google Confirms 75 Zero-Day Attacks: Phones And Browsers Were Targeted
