Government Hackers Behind Most 2024 Zero-Day Attacks, Google Flags 23 State-Sponsored Cases, 8 Spyware-Based
A new study by Google is shedding light on hackers employed by governments and how they were responsible for most of the attributed zero-day exploits carried out in 2024.
The report highlights the growing number of security flaws that were not known to software makers at the time, while hackers were silently abusing them. In 2023, the figure for such attacks fell from 98 to 75. However, the report says that for the portion of these zero-days that Google could attribute, it was able to identify the hackers responsible for the exploitation. Interestingly, nearly 23 of those attacks were directly tied to government-based hackers.
These held direct relations with the government, and many were related to China and North Korea. Another eight of these attacks were created by spyware makers and surveillance enablers like the NSO Group, which is famous for selling only to government authorities. Among the eight exploits produced by spyware firms, Google counts bugs that were recently exploited by authorities in Serbia using software like Cellebrite to unlock phones.
Despite these cases being recorded, a top Google security engineer shared how such firms continue to invest more resources in operational security to keep their capabilities from being exposed and showing up in the media.
Google mentioned how surveillance vendors keep proliferating. In cases where law enforcement action pushed vendors out of business, Google saw new vendors pop up to provide similar offerings. As long as government clients keep requesting and paying for this, the industry will keep growing.
The other 11 attacks were most likely related to cybercriminals who targeted enterprise products such as routers and VPNs. The report also found that most of the attacks in this period were aimed at client platforms and products, such as smartphones or browsers. The others exploited products linked to corporate networks.
The great news here is that, as per Google’s report, software makers are defending against zero-day attacks, and finding bugs continues to get more complex for exploit makers. They are seeing major falls in zero-day exploits of long-standing popular targets like mobile systems and browsers.
For now, a special feature on Apple devices called Lockdown Mode is designed to stop government hackers from attacking phones and macOS. Another feature, Memory Tagging Extension, is part of modern Google Pixel chips and helps detect specific kinds of bugs to improve device security.
Reports like this, though alarming, are valuable because they give the industry and observers points worth noting. They contribute to a better understanding of how these hackers work, even if the internal challenge remains undetected.