Google warns attackers are getting worryingly good at exploiting zero-days

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
(Image credit: Shutterstock / JLStock)

The exploitation of zero-day vulnerabilities, flaws abused before the developers built a fix, is growing faster than the exploitation of n-day vulnerabilities (those for which a patch is already available), according to a report from Google Mandiant’s cybersecurity researchers, who describe it as a “worrying trend”.

The researchers recently analyzed 138 exploited vulnerabilities that were disclosed in 2023, and concluded that 70% were abused as zero-days, while 30% were n-days.

In previous years, the ratio was closer to 60% for zero-days, and 40% for n-days, meaning the crooks are growing increasingly reliant on zero-day vulnerabilities.

Social engineering

“While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed,” the researchers explained.

Besides the increase in the numbers, the average time-to-exploit (TTE) has also decreased, suggesting that the attackers are exploiting these flaws faster than ever before. Two years ago, the average TTE was 32 days. Last year, it was merely five days, meaning the flaws are getting abused almost immediately.

But there is a silver lining to the research. Mandiant says organizations have gotten better at detecting zero-days, which also resulted in higher numbers in the report. It is quite possible that in previous years, a larger portion of these attacks went unnoticed. Companies have also gotten better at patching. They do it faster, and more frequently nowadays, forcing the hackers to move faster themselves. Hence the shorter TTE.

Looking into the future, Mandiant says the trend of zero-day exploitation is expected to grow, especially with improved detection tools. Zero-days are likely to remain a highly coveted approach for threat actors because they offer a critical window of attack before patches can be applied.

If this trend continues, Mandiant anticipates time-to-exploit will fall even further.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Hacker Typing
Racing against time on a menacing caldera: survey finds majority of organizations take days to tackle critical vulnerabilities, each of them a potential open goal for cybercriminals
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Representational image depecting cybersecurity protection
Hackers are breaking SonicWall products to target business networks
Best free Linux firewalls
Fortinet warns a critical vulnerability in its systems could let attackers breach company networks
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think