New report highlights progress in combating zero-day attacks, emphasizing industry collaboration
Google recently released a report about zero-day attacks in 2023. They found 97 cases where hackers used these secret weaknesses to break into systems, which is more than 50% higher than in 2022, but less than in 2021. This is Google’s fifth yearly report on these attacks, and it’s the first time they worked with Mandiant on it.
Understanding Zero-Day Attacks: A zero-day attack is a type of cyberattack that uses a secret or unpatched security flaw in computer software, hardware, or firmware.
It is a security flaw or loophole in a computer system that the owners or developers are unaware of. Hackers often exploit this loophole to launch attacks on individuals or organizations.
Google CEO Sundar Pichai said in a post on X, “New report from our Threat Analysis Group + Mandiant observed 97 zero-day vulnerabilities exploited in the wild in 2023, up 50% from 2022.”
“Good news: investments are making a difference – vulnerabilities once common are virtually non-existent today,” he added.
More Insights from the Report: To bring out the report, both TAG and Mandiant pooled their knowledge to analyze zero-day exploits used against various platforms and products, including end-user devices like mobile phones, operating systems, web browsers, and other applications, as well as enterprise-focused technologies such as security software and appliances.
As per an ET report, the company said in its report, “Upon analyzing the data, we observe advancements in combating zero-day vulnerabilities. Companies like Apple, Google, and Microsoft, who provide platforms for end-users, have made significant investments. These investments have visibly reduced the types and occurrences of zero-day vulnerabilities that attackers can exploit. Security weaknesses that were common in the past are now almost non-existent.”
The report emphasized that businesses are encountering an increasing volume of attacks aimed at a broader array of software and tools they rely on. This encompasses vulnerabilities unique to enterprise technologies.
As per the report, both teams have been successful in promptly addressing attacker exploits. However, currently there’s a challenge to expand this approach to cater to a wider range of vendors who are facing escalating threats.
