Microsoft, Google and Apple zero-days were a huge security threat in 2022

News
By published

Operating systems, browsers, and networking solutions hosted most of the zero-days

Silhouette of a hand holding a padlock infront of the google chrome logo
(Image credit: Shutterstock / Ink Drop)

When hackers look for zero-day flaws to exploit and gain a foothold on the target endpoint, they usually look at either Microsoft, Google, or Apple products, according to a new report from cybersecurity researchers Mandiant which claims of the major zero-day vulnerabilities were exploited last year, most targeted the big three.

Zero-days are flaws that have not yet been discovered by security researchers, hence IT teams have had zero days to patch their systems up. As such, they’re every hacker’s most prizer possession as abusing it triggers no alarms.

Of all the possible products that could have been targeted, crooks were keeping their magnifying glasses tightly focused on operating systems, web browsers, and network management products. Windows has had 15 vulnerabilities exploited, Chrome nine, and iOS five. MacOS rounds off the top four with four zero-day vulnerabilities exploited.

Chinese activity

Breaking the findings down geographically, Mandiant says the majority of the zero-days were exploited by Chinese state-sponsored threat actors (7), followed by the Russians (2 - one overlapping), and North Koreans (2). For three, an origin could not be established. Thirteen were exploited by cyber-espionage groups. 

Usually, they would look for flaws that would enable them to gain elevated privileges, or run remote code on vulnerable devices (53 out of 55 flaws).

Read more

> Windows, Chrome and Firefox zero-days exploited to spread malware

> More Microsoft Exchange zero-days exploited in the wild

> Here are the best malware removal tools today

Between edge infrastructure and cloud services, crooks were mostly interested in the former, as these products usually lack proper cybersecurity defences and are more likely to be compromised without alerting the IT teams. At the same time, as more firms migrate to the cloud, the number of disclosed zero-days might shrink, as cloud service providers report security incidents differently, Mandiant claims.

In any case, 2022 had fewer disclosed zero-day flaws (55) compared to the year prior (80), and while that does sound positive, 2022 was a record-breaker when it comes to the number of zero-days actively exploited. The researchers believe that the trend is only going to get worse this year.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Apple's new "Share Item Location" feature for AirTags.
Apple security alert - zero-day patched, so update your devices now
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Girl wearing Meta Quest 3 headset interacting with a jungle playset

Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
See more latest
Most Popular
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard