Move out of the way, 55 vulnerabilities tracked in 2022 and these are zero-days

Posted on by tech

Hello folks,

This is well worth the read. There are some graphics, but the text accompanys the article graphics well enough.

53 out of the 55 used Rempote Code execution which if you’ve been here long enough is bad.

Here’s the executive summary of the article.

  • Mandiant tracked 55 zero-day vulnerabilities that we judge were exploited in 2022. Although this count is lower than the record-breaking 81 zero-days exploited in 2021, it still represents almost triple the number from 2020.
  • Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years. 
  • We identified four zero-day vulnerabilities exploited by financially motivated threat actors. 75% of these instances appear to be linked to ransomware operations.
  • • Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. The most exploited product types were operating systems (OS) (19), followed by browsers (11), security, IT, and network management products (10), and mobile OS (6). 

Heading include:

  • Executive Summary
  • Scope
  • Overall Count
  • State-Sponsored Groups Continue to Drive Exploitation
  • Oops They Did It Again: Chinese Threat Groups Lead Zero-Day Exploitation 

    • China (h3)

  • China Continues to Focus on Network Devices (h3)
  • A Digital Quartermaster? (h3)
  • North Korea (h3)
  • Russia (h3)
  • Commercial Vendors (h3)
  • Financially Motivated Exploitation Less Prominent in 2022
  • You. Will. Be. Popular.
  • Zero-Days Exploited by Product Type (h3)
  • Mobile Operating Systems  (h3)
  • Gaining an Edge, on the Edge (h3)
  • Exploitation Consequences
  • Don’t You Forget About Me: Undue Focus on New Vulnerabilities Can Fatigue Defenders
  • Outlook
  • Implications for Defenders

There’s a wealth of data here and things that might be interest to the general public including a table in one section. I hope people take the time to read it. Its a real eye opener.

Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace is the article. Have fun pulling apart this one!

Discover more from The Technology blog and podcast

Subscribe to get the latest posts sent to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts