GTIG 2024 Zero-Days: Espionage, Enterprise, and the Shifting Landscape

Join us as we dive into Google Threat Intelligence Group's (GTIG) comprehensive analysis of zero-day exploitation in 2024. Drawing directly from the latest research, this episode explores the 75 zero-day vulnerabilities tracked in the wild. While the overall number saw a slight decrease from 2023, the analysis reveals a steady upward trend over the past four years. Discover the significant shift towards targeting enterprise-focused technologies, which jumped to 44% of tracked zero-days in 2024, up from 37% in 2023. We examine why security and networking products have become high-value targets, making up over 60% of enterprise exploitation, and the implications for defenders. Learn about the continued targeting of end-user platforms like desktop operating systems, especially Microsoft Windows, which saw an increase in exploitation, contrasting with decreased exploitation observed in browsers and mobile devices. We also break down who is driving this exploitation, with espionage actors (government-backed and commercial surveillance vendors) leading the charge, accounting for over 50% of attributed vulnerabilities. Hear about the persistent activity of PRC-backed groups targeting security technologies and the notable rise of North Korean actors mixing espionage and financial motives. Finally, we touch on the most frequently exploited vulnerability types and what vendors and defenders can do to counter these evolving threats. This episode provides a detailed look into the complex and changing world of zero-day exploitation in 2024, offering insights beyond just the numbers.