The discovery and exploitation of zero-day vulnerabilities in enterprise-specific software and appliances appears to be outpacing the exploitation of zero-day bugs overall, judging by Google's latest research.
What is a Zero Day threat?
In a report published today, the web giant's Threat Analysis Group (TAG) and its Mandiant division said they tracked 97 total zero-day vulnerabilities found and exploited by bad guys in 2023, up significantly from the year before, which had 62 such holes. That is an increase of 56 percent.
However, the number of company-specific zero-day vulnerabilities found and exploited in technology increased by 64 percent in 2023 compared to 2022, with 36 of these bugs being exploited by bad guys. That number has grown rapidly over the past five years, we're told, with just 11.8 percent of zero days in 2019 affecting enterprise software.
"This share increased to 37.1 percent by 2023, signaling a continued shift in the types of products targeted for malicious exploitation," according to the report [PDF].
