The exploitation of zero-day vulnerabilities, flaws abused before the developers built a fix, is growing faster than the exploitation of n-day vulnerabilities (those for which a patch is already available), according to a report from Google Mandiant’s cybersecurity researchers, who describe it as a “worrying trend”.
The researchers recently analyzed 138 exploited vulnerabilities that were disclosed in 2023, and concluded that 70% were abused as zero-days, while 30% were n-days.
In previous years, the ratio was closer to 60% for zero-days, and 40% for n-days, meaning the crooks are growing increasingly reliant on zero-day vulnerabilities.
Social engineering
“While we have previously seen and continue to expect a growing use of zero-days over time, 2023 saw an even larger discrepancy grow between zero-day and n-day exploitation as zero-day exploitation outpaced n-day exploitation more heavily than we have previously observed,” the researchers explained.
Besides the increase in the numbers, the average time-to-exploit (TTE) has also decreased, suggesting that the attackers are exploiting these flaws faster than ever before. Two years ago, the average TTE was 32 days. Last year, it was merely five days, meaning the flaws are getting abused almost immediately.
But there is a silver lining to the research. Mandiant says organizations have gotten better at detecting zero-days, which also resulted in higher numbers in the report. It is quite possible that in previous years, a larger portion of these attacks went unnoticed. Companies have also gotten better at patching. They do it faster, and more frequently nowadays, forcing the hackers to move faster themselves. Hence the shorter TTE.
Looking into the future, Mandiant says the trend of zero-day exploitation is expected to grow, especially with improved detection tools. Zero-days are likely to remain a highly coveted approach for threat actors because they offer a critical window of attack before patches can be applied.
If this trend continues, Mandiant anticipates time-to-exploit will fall even further.
More from TechRadar Pro
- What are zero-day vulnerabilities?
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now