Summary: Google's Threat Intelligence Group (GTIG) highlights a significant shift in zero-day exploitation towards enterprise software and infrastructure, reporting that these targets accounted for 44% of all exploited vulnerabilities in 2024. While the total count of zero-days decreased, the sophistication of attacks intensified, particularly against security and networking tools. The report indicates a pressing need for enhanced security measures and proactive strategies to defend enterprise environments effectively.
Affected: Enterprises and organizations utilizing software from vendors like Ivanti, Palo Alto Networks, and Cisco.
Key points:
- 44% of exploited zero-day vulnerabilities in 2024 were in enterprise software, a record high.
- Security tools emerged as major targets, with over 60% of enterprise-specific zero-days affecting networking and security appliances.
- Targeting of enterprise products is expected to increase, which calls for investment in secure-by-design principles and tighter access controls.
- State-sponsored actors were responsible for over 50% of zero-day exploits, with a notable rise in attacks tied to both PRC and North Korean groups.
- The most attacked vulnerability types included use-after-free, command injection, and cross-site scripting, particularly affecting core enterprise tools.
Source: https://thecyberexpress.com/google-2024-zero-day-exploitation-analysis/