No Sec Response:
The Zero-Day situation is a joke. New zero-days are found every day, mostly for profit. It is a for-profit industry game. There is a cost-benefit con game for the powers that be and for the ones who exploit and/or benefit off of the zero-day marketplace, in both the legal and illegal realms. Let's invent new solutions rather than keep an industry-led grift going, guys. NoSec devises ways to reduce, or totally crush, the entry point of zero-days and/or their existence entirely, away from the IT stack.
Article:
Cybersecurity experts are warning that zero-day exploits, which can be used to compromise devices before anyone is aware they’re vulnerable, have become more common as nation-state hackers and cybercriminals find sophisticated ways to carry out their attacks.
Researchers from Google on Wednesday said they observed 97 zero-days exploited in the wild in 2023, compared to 62 in 2022 — a 50 percent increase.
Of the 97 zero-days, the researchers were able to attribute the threat actors’ motivations for 58 of them. Forty-eight of the vulnerabilities were attributed to espionage actors, while the remaining 10 were attributed to financially motivated hackers.
Three zero-days were exploited by FIN11, and four ransomware gangs — Nokoyawa, Akira, LockBit and Magniber — separately exploited another four. The report notes that FIN11 was behind the 2021 zero-day affecting Accellion’s legacy File Transfer Appliance that was used to attack dozens of high-profile institutions.
“FIN11 has focused heavily on file transfer applications which provide efficient and effective access to sensitive victim data without the need for lateral network movement, streamlining the steps for exfiltration and monetization,” the researchers said.
“Subsequently, the large revenues generated from mass extortion or ransomware campaigns likely fuels additional investment by these groups in new vulnerabilities.”
Beijing-linked hackers who were focused on espionage were behind 12 zero-days, up from seven in 2022.
The researchers reported extensively on several Chinese campaigns — including the explicit targeting of Barracuda’s Email Security Gateway — with hackers targeting email domains and users from Ministries of Foreign Affairs of ASEAN member nations as well as individuals within foreign trade offices and academic research organizations in Taiwan and Hong Kong.
Google noted that one zero-day was tied to Winter Vivern, a Belarusian state-sponsored cyber group behind several attacks on Ukraine and other European countries. Google said it is the first known instance of reportedly Belarusian-linked espionage groups leveraging zero-day vulnerabilities in their campaigns, suggesting the group “is growing in sophistication.”
In terms of products that were targeted, the researchers found that threat actors sought “vulnerabilities in products or components that provided broad access to multiple targets of choice.”
Enterprise-specific technologies like Barracuda Email Security Gateway, Cisco Adaptive Security Appliance, Ivanti Endpoint Manager Mobile and Sentry and Trend Micro Apex One were repeatedly targeted, the researchers said, adding that these products typically provide widespread access and high-level permissions.
Author: Jonathan Greig
Date: March 27th, 2024
Link: therecord.media/zero-day-exploits-jumped-in-2023-spyware