A new report from Google reveals that hackers increasingly targeted enterprise technologies last year, with nearly half of all tracked zero-day vulnerabilities affecting systems used by large organizations.
According to Google’s annual security analysis, 48 percent of the zero-day flaws identified in the past year were found in software and hardware used by businesses and corporate networks. Zero-day vulnerabilities are security flaws that are unknown to the software maker when attackers begin exploiting them.
Researchers noted that many of these vulnerabilities were discovered in the very tools designed to protect enterprise networks. Security and networking products such as firewalls, VPN systems, and virtualization platforms became frequent targets for attackers seeking to break into corporate infrastructure.
The report specifically highlighted security products from vendors like Cisco and Fortinet, as well as enterprise platforms from Ivanti and VMware. All four companies have recently confirmed that hackers exploited vulnerabilities in their products on customer networks.
Google researchers said attackers often relied on common weaknesses such as poor input validation and incomplete authorization checks. These types of bugs are generally easier to exploit and can allow hackers to bypass firewall or VPN protections, gaining access to internal systems. Fixing these flaws typically requires software updates or security patches.
Another group of enterprise attacks focused on vulnerable business software. One example cited in the report involved the Clop extortion group targeting Oracle E-Business Suite customers. The campaign allowed hackers to steal large amounts of human resources data from multiple organizations, including Harvard University, Envoy Air, a subsidiary of American Airlines, and The Washington Post.
While enterprise systems accounted for a large portion of attacks, consumer software still made up the majority overall. The report found that 52 percent of zero-day vulnerabilities were discovered in consumer and end-user products, including software developed by Microsoft, Google, and Apple.
Most of these consumer-related vulnerabilities were found in operating systems, though mobile devices also experienced an increase in zero-day exploits compared with previous years.
Google also observed a shift in the groups responsible for exploiting these vulnerabilities. The company attributed more zero-day attacks to surveillance vendors than to traditional state-sponsored espionage groups.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
These surveillance vendors often develop spyware and exploit tools that governments purchase to gain access to targeted devices. According to Google, the trend reflects a gradual change in how governments acquire and deploy hacking capabilities.
