Yearly zero-day status. (Courtesy of Google Cloud)

Google Cloud Threat Intelligence Group (GTIG) announced on the 30th that it has released the '2024 Zero-Day Report,' which analyzes zero-day vulnerabilities exploited in actual attacks throughout the year 2024.

A zero-day refers to a security vulnerability that has been discovered but for which no solution (patch) has yet been provided, allowing hackers to exploit it immediately.

GTIG tracked a total of 75 zero-day vulnerabilities in 2024, a decrease from the previous year (98) but higher than in 2022 (63). The report emphasized that zero-day attacks continue to rise, highlighting in particular a steady increase in attacks targeting enterprise technology. In 2023, 37% of all zero-days targeted enterprise technology; in 2024, this rose to 44%.

Notably, the report highlights the zero-day activity of hacking groups backed by China and North Korea. China-backed groups exploited five zero-day vulnerabilities in 2024, and North Korea-backed groups reportedly conducted the same number, five, of zero-day attacks. This is interpreted as a sign that North Korean groups are now fully engaged in zero-day attacks.

According to GTIG's analysis, North Korean hacking groups conduct cyber espionage for information gathering alongside financially motivated operations to fund the regime, using zero-days to increase the range and precision of their attacks. They also show signs of collaboration between organizations, such as overlapping attack targets and shared tactics.

Meanwhile, the report pointed out the expanded role of commercial surveillance software vendors (CSVs). CSV customers exploited eight zero-day vulnerabilities in 2024 for cyber attacks, which indicates that the barrier to carrying out zero-day attacks is falling.

Casey Charrier, a senior analyst at GTIG, said, "Zero-day attacks are increasing slowly but steadily, particularly those targeting enterprise products," adding that "corporations must be more proactive in strengthening security measures."