Rise In Zero-Day Vulnerabilities | Google Security Analysts Warning – Technologist
In 2023, Google Mandiant reported a sharp rise in attackers exploiting zero-day vulnerabilities, underscoring a significant shift in threat actor capabilities. According to Mandiant and Bleeping Computer, 70% of the 138 vulnerabilities actively exploited in 2023 were zero-day flaws, meaning they were exploited before vendors had released a patch. This trend demonstrates a growing ability among adversaries to discover and act on previously unknown weaknesses, leaving vendors and organisations scrambling to respond.
This shift is particularly notable because, from 2020 to 2022, the ratio of n-day (already patched) to zero-day vulnerabilities remained relatively steady. In 2023, however, the ratio shifted to 3:7, indicating an increase in zero-day exploitation rather than a decrease in the exploitation of patched vulnerabilities (n-days). The year also saw a rise in the number of vendors affected: 56, compared with 44 in 2022 and 48 in 2021.
Speed of Exploitation Accelerating
Another trend of concern is the shrinking time-to-exploit (TTE), the interval between a flaw becoming known and its first exploitation, which now averages just five days, down from 32 days in 2021-2022 and 63 days in 2018-2019. With so little time to react, organisations must prioritise real-time detection and swift patching, supported by network segmentation to contain an intrusion that cannot be prevented.
In 2023, Mandiant found that 75% of exploited vulnerabilities were disclosed publicly before active exploitation began, while the remaining 25% became public only after attackers were already using them in the wild. This finding challenges the assumption that proof-of-concept (PoC) disclosures drive malicious exploitation. Two vulnerabilities highlighted by Google, CVE-2023-28121 (a WordPress plugin) and CVE-2023-27997 (Fortinet FortiOS), demonstrate that the timeline of exploitation depends on factors such as flaw complexity, target value, and attacker motivation rather than PoC availability alone.
Strengthening Defence Against Zero-Day Threats
Given the speed and volume of zero-day exploitation, businesses must elevate their cyber defence measures. Key actions include:
Accelerated Patch Management
With TTE decreasing, a rapid patching cycle is essential. System administrators should prioritise critical vulnerabilities, particularly those known to be exploited, and patch them immediately rather than waiting for a scheduled maintenance window.
Real-Time Threat Detection
Continuous monitoring, anomaly detection, and advanced threat intelligence enable rapid detection of unusual activity that could indicate zero-day exploitation.
Network Segmentation
Segmenting the network can limit the reach of an attacker, protecting critical data and systems even if an entry point is breached.
Employee Training
Regular training helps staff recognise and report phishing and other social-engineering lures, which remain common delivery vectors for zero-day exploits.
Coping with the Rise in Zero-Day Vulnerabilities and Cyber Threats
The evolving nature of zero-day threats and the rise in zero-day vulnerabilities mean that organisations must adopt a proactive approach to cyber security, combining technology and best practices to safeguard systems against the rapid pace of modern cyber attacks.