Cyber security challenges are rising rapidly for tech firms as the number of cyber attacks and the sophistication of cyber criminals continue to increase. Tech firms are often targeted because they hold valuable information and data that can be stolen or sold on the black market, such as customer data, financial information, and intellectual property. Researchers have tracked 55 zero-day vulnerabilities that were exploited in 2022 by hackers, most targeting Microsoft, Google, and Apple products, a new report has shown.
According to information security company Mandiant, products of Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with the previous years. The most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).
Zero-day vulnerabilities are security flaws in software that are publicly disclosed or exploited before a developer is aware of it or releases a fix.
They are extremely valuable to hackers because exploiting them is simple and stealthy because there are no protection measures or specific monitoring to track and stop the attacks.
Regarding the targeted products, Windows was hit with 15 zero-day flaws in 2022, followed by Chrome with nine actively exploited flaws, iOS with five zero-day flaws, and macOS with four zero-day flaws.
The report said that the Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with the previous years.
Threat actors exploited 80 zero-day flaws in various products to perform security breaches in 2021, indicating a slight decrease from the previous year.
About four zero-day vulnerabilities were exploited by financially motivated threat actors, with 75 percent of these instances being linked to ransomware operations.
The report said that cyber-espionage groups exploited 13 of the 55 zero-day flaws exploited in 2022, while Chinese cyberspies leveraged seven.
Cybercriminals are becoming increasingly sophisticated in their attacks, using advanced techniques such as social engineering, malware, and ransomware to gain access to networks and steal data.
Also Read: Credentials database theft, reused passwords dangerous entryway
