A new report from Google reveals a significant shift in the focus of cyber attackers. Last year, approximately half of all tracked zero-day bugs targeted enterprise devices, setting a new record. Zero-day bugs are vulnerabilities unknown to the software maker at the time they are exploited. This trend highlights how hackers are increasingly developing new methods to attack large companies and steal sensitive data.
According to Google’s annual review, forty-eight percent of these zero-day vulnerabilities were found in technologies used by corporations. Notably, about half of those enterprise-targeted zero-days exploited the very security and networking devices designed to protect corporate networks from digital intruders. Top targeted vendors included makers of firewalls, such as Cisco and Fortinet, along with providers of VPN and virtualization platforms like Ivanti and VMware. All four companies have confirmed that hackers exploited their products on customer networks in recent months.
Google’s researchers explained that hackers often used common flaws to break through defenses. These included issues like input validation errors and incomplete authorization processes, which allowed attackers to bypass firewalls and VPNs to access customer networks. These types of bugs are generally easier to exploit, but they typically require a software update to fix.
The other half of the enterprise zero-days involved other vulnerable software. Google highlighted the Clop extortion gang’s campaign against customers using Oracle E-Business Suite. This attack resulted in hackers stealing extensive human resources data from dozens of organizations, including information about staff and executives. Among the affected entities were Harvard University, the American Airlines subsidiary Envoy, and The Washington Post.
The remaining fifty-two percent of zero-day bugs were identified in consumer and end-user products from companies like Microsoft, Google, and Apple. Most consumer software zero-days were found within operating systems, and mobile devices experienced more zero-days than in previous years.
Google’s report also noted a change in the actors behind these exploits. The company attributed more zero-days to surveillance vendors than to traditional government-backed espionage groups. These surveillance vendors are typically spyware makers and exploit developers who work on behalf of governments to hack into personal devices. Google stated this shift demonstrates a slow but sure movement in how governments are seeking access to hacking tools.

