China leads in govt-backed exploitation of zero-day bugs: Google report

68

New Delhi, March 27 (IANS) China continues to lead the way for government-backed exploitation of zero-day vulnerabilities and the cyber espionage groups in the country exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022, a Google report said on Wednesday.

A zero-day bug is a vulnerability in a system or device that has been disclosed but is not yet patched.

In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild.

That’s over 50 per cent more than in 2022, but still shy of 2021’s record of 106, according to the report by Google’s Threat Analysis Group (TAG) and cyber-security firm Mandiant.

“Attackers are now shifting focus to third-party components and libraries in 2023. Zero-day vulnerabilities in third-party components and libraries were a prime attack surface in 2023, since exploiting this type of vulnerability can scale to affect more than one product,” said James Sadowski, Principal Analyst, Mandiant Intelligence.

The team observed an increase in adversary exploitation of enterprise-specific technologies in 2023, with a 64 per cent increase in the total number of vulnerabilities from the previous year and a general increase in the number of enterprise vendors targeted since at least 2019.

Exploitation associated with financially motivated actors proportionally decreased last year.

“Financially motivated actors accounted for 10 zero-day vulnerabilities exploited in 2023, a lower proportion of the total than what we observed in 2022,” said the Google report.

Organisations need to build defensive strategies that prioritise threats that are most likely to cause damage to themselves and others, it added.

–IANS

na/dan

Go to Source

Disclaimer

The information contained in this website is for general information purposes only. The information is provided by BhaskarLive.in and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.

Through this website you are able to link to other websites which are not under the control of BhaskarLive.in We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, BhaskarLive.in takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.

For any legal details or query please visit original source link given with news or click on Go to Source.

Our translation service aims to offer the most accurate translation possible and we rarely experience any issues with news post. However, as the translation is carried out by third part tool there is a possibility for error to cause the occasional inaccuracy. We therefore require you to accept this disclaimer before confirming any translation news with us.

If you are not willing to accept this disclaimer then we recommend reading news post in its original language.

Online Cricket Play Online