2022 Zero-day exploitation continues at an elevated pace

Mandiant, now a part of Google Cloud, tracked 55 zero-day vulnerabilities that the company judges to have been exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020.


Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years.


Mandiant identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations.


Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6).


Mandiant anticipates that the longer term trendline for zero-day exploitation will continue to rise, with some fluctuation from year to year. Attackers seek stealth and ease of exploitation, both of which zero-days can provide. While the discovery of zero-day vulnerabilities is a resource-intensive endeavour and successful exploitation is not guaranteed, the total number of vulnerabilities disclosed and exploited has continued to grow, the types of targeted software, including Internet of Things (IoT) devices and cloud solutions, continue to evolve, and the variety of actors exploiting them has expanded.


Mandiant tracked 13 zero-days in 2022 that were assessed with moderate to high confidence to have been exploited by cyber espionage groups. Consistent with previous years, Chinese state-sponsored groups continue to lead exploitation of zero-day vulnerabilities with seven zero-days exploited or over 50% of all zero-days Mandiant could confidently link to known cyber espionage actors or motivations. Notably, at a slightly elevated rate compared to previous years, the organisation identified two zero-day vulnerabilities that were exploited by suspected North Korean actors.


Commercial vendors again made headlines in 2022 during which tool suites or exploitation frameworks utilised by their customers accounted for three zero-days, or approximately one quarter of all vulnerabilities attributed to state-sponsored espionage activity. Despite recent struggles of some high-profile vendors, Mandiant assesses with moderate confidence that there continues to be a very active and vibrant market for third-party malware, particularly surveillance tools, across the globe.


Though the proportion of zero-days exploited in financially motivated operations declined in 2022, n-day vulnerability exploitation – the exploitation of vulnerabilities that have already received patches – remains one of the most frequently observed initial infection vectors in Mandiant Incident Response and Managed Defense investigations of ransomware and/or extortion incidents. In 2022, Mandiant identified four zero-day vulnerabilities as likely exploited in financially motivated operations, mostly linked to ransomware activity.


See more on the report at this link: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

New Media Releases

Pax8 and CrowdStrike Announce Strategic Partnership to Revolutionise Cybersecurity for Managed Service Providers in the IT Channel

 Pax8, the leading cloud commerce marketplace and CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data have announced a strategic partnership. The new alliance will give Managed Service Providers (MSPs) access to bundled product offerings of the CrowdStrike Falcon platform, available directly on the Pax8 Marketplace. The Pax8 and CrowdStrike partnership is the result of a shared commitment to empowering MSPs in effectively mitigating cyber risks for the businesses they serve, ensuring enhanced protection in today’s evolving threat landscape.

Palo Alto Networks and Ingram Micro Australia and New Zealand join forces to bring cutting-edge cybersecurity solutions to businesses

Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, has announced a strategic distribution agreement with Ingram Micro. With heightened demand for cybersecurity solutions across Australia and New Zealand, the agreement will add the full range of Palo Alto Networks solutions, including Prisma Access, Prisma Cloud and Cortex security solutions, to Ingram Micro’s portfolio.

Mastercard Ramps Up Fraud Protection for eCommerce Merchants by Integrating Vesta Solutions into Mastercard Payment Gateway Services

Mastercard today announced the expansion of its partnership with Vesta, the global leader in payment fraud protection. Building on the two firms’ existing fraud detection collaboration, Mastercard will be integrating Vesta’s iron-clad Payment Guarantee™ and Payment Protect risk scoring solution into its Mastercard Payment Gateway Services (MGPS) platform.

Recent Podcast Episodes

The Production Team

The KBI Production Team write and hunt down the information security professionals need to know. They present news updates and thought-piece articles designed to provide educational content and insights for the industry. You can reach out with any ideas or requests for subject coverage to production@kbi.media with your message.

Share This