
Governments Increasingly Utilize Zero-Day Exploits, Says Google


Governments Hacking Enterprise

In recent years, the trend of zero-day attacks has shifted significantly. Back in 2021, the Global Technology Intelligence Group (GTIG) identified 95 zero-day vulnerabilities, with a notable 71 targeting end-user systems such as browsers and smartphones. By 2024, however, the landscape has evolved, with 33 out of 75 vulnerabilities now directed at enterprise technologies and security systems. This marks a striking 44 percent focus on enterprise targets, the highest percentage recorded to date.

GTIG has reported that zero-day attacks have been aimed at 18 distinct enterprise entities, including tech giants like Microsoft, Google, and Ivanti. While this number is slightly down from the 22 firms affected in 2023, it represents a significant rise compared to just seven firms targeted in 2020.

The elusive nature of these attacks often complicates attribution, but Google managed to associate 34 of the 75 zero-day incidents with specific actors. The most prevalent category, encompassing 10 detections, falls under traditional state-sponsored espionage, primarily focused on intelligence gathering without financial motives. Notably, China has been identified as the main contributor in this area. Additionally, North Korea was linked to five zero-day attacks, although their campaigns typically sought financial gain, such as cryptocurrency theft.

The prevalence of government-sponsored hacking is substantial. GTIG also pointed out that eight of the severe hacks detected were the work of commercial surveillance vendors (CSVs), companies that develop hacking tools purportedly for governmental use. Companies like NSO Group and Cellebrite fall into this category, with NSO Group already facing U.S. sanctions for its dealings with hostile nations.

In total, 23 of the 34 attributed attacks can be traced back to governmental origins. Additionally, some attacks, while not directly launched by state actors, exhibited espionage characteristics that hinted at a connection to government interests. On the other hand, Google observed five non-governmental zero-day campaigns driven by financial motives that did not involve espionage tactics.

Looking ahead, Google’s security experts predict a continuing rise in zero-day attacks. These hidden vulnerabilities can be costly to uncover or acquire, but the extended period before detection offers hackers a lucrative opportunity to exploit sensitive information or assets. To counter this growing threat, Google recommends that enterprises enhance their capabilities to detect and mitigate malicious activities. This includes designing systems with greater redundancy and implementing more stringent access controls. For individual users, vigilance remains key in navigating this challenging landscape.

Source
arstechnica.com
