Researchers have tracked 55 zero-day vulnerabilities that were exploited in 2022 by the hackers, most targeting Microsoft, Google and Apple products, a new report has shown.
According to information security company Mandiant, products of Microsoft, Google and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with the previous years, and the most exploited product types were operating systems (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (six).
Zero-day vulnerabilities are security flaws in software that are publicly disclosed or exploited before a developer is aware of it or releases a fix.
They are extremely valuable to hackers because exploiting them is simple and stealthy because there are no protection measures or specific monitoring to track and stop the attacks.
In terms of the targeted products, Windows was hit with 15 zero-day flaws in 2022, followed by Chrome with nine actively exploited flaws, iOS with five zero-day flaws, and macOS with four zero-day flaws.
The report said that the Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with the previous years.
Threat actors exploited 80 zero-day flaws in various products to perform security breaches in 2021, indicating a slight decrease from the previous year.
About four zero-day vulnerabilities were exploited by financially motivated threat actors, with 75 per cent of these instances appearing to be linked to ransomware operations.
The report said that cyber-espionage groups exploited 13 of the 55 zero-day flaws exploited in 2022, while Chinese cyberspies leveraged seven.