Google: Zero-day exploits increasingly target enterprise technologies
The number of zero-day vulnerabilities exploited in-the-wild jumped significantly in 2023, as threat actors focused their efforts on enterprise-specific software and appliances, according to new research.
In Google’s fifth annual review (PDF) of zero-days exploited in-the-wild, researchers reported observing 97 zero-days in 2023, a 56% jump on the 65 spotted in 2022, but still below 2021’s record of 106.
Notably, there was a 64% rise in adversary exploitation of enterprise-specific technologies last year, continuing a trend the researchers have observed over the past five years. While only 11.8% of zero-days affected enterprise technologies in 2019, the number had climbed to 37.1% by 2023. The increase in enterprise targeting was fueled mainly by exploitation of security software and appliances, the researchers said.