Hacker groups found and exploited a large number of zero-day issues in software in 2022, according to a new report from the security firm Mandiant. The study said that the firm tracked 55 zero-day vulnerabilities that were actively used by hackers in the past year. The number is down from 88 zero-day exploits that were used in 2021. However, the 2022 numbers are still well ahead of most previous years.
As you might expect, software products made by Microsoft, Google, and Apple were found to have the most zero-day exploits in 2022. Microsoft had a total of 18 zero-day issues in 2022, according to the report, followed by Google with 10, and Apple with 9. The report says that 13 zero-day issues were accessed by cyber espionage groups, and Chinese state-sponsored groups were suspected in seven of those reports. Four exploits were reportedly used by hacker groups with financial motives.
As for the future of these kinds of problems cropping up, Mandiant expects that in the long term, reports of these kinds of exploits will keep going up on average. It added:
Attackers seek stealth and ease of exploitation, both of which zero-days can provide. While the discovery of zero-day vulnerabilities is a resource-intensive endeavor and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded.
Just last week, Microsoft fixed a critical zero-day issue in Outlook that was being used by a hacker group to attack a number of European government and military organizations in 2022.