Executive Summary

Mandiant recently published their report on zero-day attacks in 2022. A zero-day attack is an attack that relates to a previously unknown vulnerability and for the third year running, Microsoft, Google and Apple were the most frequently targeted by zero-day attacks. The most exploited avenues of attack were operating systems and browsers.

What’s the risk to me or my business?

A significant number of users include Microsoft, Google and or Apple as part of their supply chain and must therefore be aware of vulnerabilities in these vendors. It is not unusual for an exploited zero-day vulnerability to have a delay between the time it is discovered and the time it is patched; although sometimes a workaround is released in the meantime. The delay between disclosure and patching can potentially contribute to many systems remaining unpatched for months and workarounds can create a false sense of security during this period. An unpatched system leaves an organisation’s data at risk from compromise.

What can I do?

It is increasingly important for organisations to efficiently and effectively prioritise their patching and understand their part in the process; this should include organisations being aware of which systems are awaiting a patch, and of these, which are critical. Organisations who use SaaS solutions typically benefit from the vendor deploying patches but organisations should not become complacent and should, where appropriate, seek assurance that systems are indeed patched up to date.

To be more cyber resilient, organisations should make use of threat intelligence as part of their attack surface management and understanding of actively exploited vulnerabilities.

The report conducted by Mandiant can be found here: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity