In 2022, Zero-Day Exploitation Continued at an Elevated Pace, with Apple's iOS the #1 Target in the Mobile Space
Mandiant is recognized by enterprises, governments and law enforcement agencies worldwide as the market leader in threat intelligence and expertise gained on the frontlines of cyber security. Earlier this week Mandiant published a detailed report titled "Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace." In 2022, Mandiant tracked 55 zero-day vulnerabilities that it judged to have been exploited.
The report further noted that Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022, which is consistent with previous years.
Further, the report pointed to Apple, Microsoft and Google as the companies that experienced the majority of zero-day vulnerabilities in 2022, accounting for 46 of the 55 vulnerabilities. The most exploited product types were operating systems (OS) (19), followed by browsers (11); security, IT, and network management products (10); and mobile OS (6).
Mandiant considers a zero-day to be a vulnerability that was exploited in the wild before a patch was made publicly available. Their in-depth report examines zero-day exploitation identified in Mandiant's original research, combined with breach investigation findings, and reporting from open sources, focusing on zero-days exploited by named groups. The report discusses overall takeaways from threat actor activity, vulnerability trends, and targeted vendors and products.
Zero-Days Exploited by Product Type
The most exploited products were operating systems (OS) (19); followed by browsers (11); security, IT, and network management products (10); and mobile OS (6).
- Desktop operating system exploitation continues to primarily affect Windows, with 15 zero-days affecting this product in 2022. In comparison, macOS accounted for only four of the 19 identified OS zero-days.
- Browser exploitation showed an even stronger bias toward its top target, Chrome, with 9 of the 11 browser zero-day vulnerabilities, compared to two for Firefox. This trend reinforces our judgment that popular technologies are the most desirable targets for threat actors, since Chrome is the browser of choice for the majority of web users, with an estimated 60–65% global usage share.
Six mobile OS zero-day vulnerabilities were exploited in 2022. With Apple being a leader in mobile devices, iOS accounted for five of the six.
Overall, desktop technologies likely will remain of interest to threat actors given their role in enterprise networks and access to critical data.
Almost all 2022 zero-day vulnerabilities (53) were exploited to achieve either code execution (primarily remote) or elevated privileges, both of which are consistent with most threat actor objectives. While information disclosure vulnerabilities often attract attention because customer and user data are at risk of exposure and misuse, the range of actions an attacker can take from such vulnerabilities is usually limited. In contrast, elevated privileges and code execution can lead to lateral movement across networks, with effects extending well beyond the initial access vector. For more data on this subject, review the full Mandiant report.