A new report from Google has revealed that nearly half of the zero-day vulnerabilities it tracked last year affected enterprise devices, indicating a significant increase in attacks on large companies by hackers seeking to steal data.
The search and security company’s annual report indicates that 48% of the tracked zero-day vulnerabilities were found in enterprise technologies. Roughly half of these zero-days targeted devices designed to safeguard enterprise networks against digital threats.
Google highlighted that security and networking devices from companies like Cisco and Fortinet, along with VPN and virtualization platforms from Ivanti and VMware, were among the most targeted by hackers last year. These companies confirmed that hackers had recently exploited their products on customer networks.
Researchers at Google found that hackers often exploited input validation and incomplete authorization flaws to get past firewall and VPN defenses and gain unauthorized network access. These types of bugs are relatively easy to exploit, and resolving them requires software updates.
Additionally, Google pointed out other vulnerabilities in enterprise software. It mentioned the Clop extortion group’s attack on Oracle E-Business Suite customers, which led to the theft of substantial human resources data. This affected several organizations, including Harvard University, an American Airlines subsidiary, and The Washington Post.
The remaining 52% of zero-day vulnerabilities were discovered in consumer products from companies like Microsoft, Google, and Apple. Most vulnerabilities in consumer software were found in operating systems, with mobile devices experiencing more zero-days compared to previous years.
Furthermore, Google observed more zero-days attributed to surveillance vendors than to traditional government espionage groups. These vendors, typically spyware makers and exploit developers, undertake hacking on behalf of governments, marking a gradual shift in how governments acquire hacking tools.
