Google Reports 75 Security Flaws Were Exploited in 2024 — Many Targeted Business Tools

In 2024, Google found that hackers were able to use 75 serious security flaws in software before they were fixed. These flaws are known as zero-days because they are discovered and used by hackers before the company has a chance to fix them.

While the number of zero-days was lower than in 2023 (98 flaws), it was still higher than the year before that (63 flaws).

The most concerning part? Almost half of these flaws (44%) were used to attack software that businesses rely on to protect their data. In fact, 20 of these flaws were found in tools that businesses use to secure their networks.

Google’s security team also said that there were fewer attacks on web browsers and mobile phones this year. But when hackers did attack mobile devices, they often used several flaws at once to break in.

Here’s a breakdown of how many flaws affected major companies:

  • Microsoft: 22 flaws
  • Google’s Android: 7 flaws
  • Google’s Chrome: 7 flaws
  • Apple’s Safari: 3 flaws
  • Apple’s iPhones: 2 flaws
  • Mozilla’s Firefox: 1 flaw

Some of these problems were not in the main software but in extra tools that work with it.

Hackers also targeted important business tools from companies like Ivanti, Palo Alto Networks, and Cisco. These tools are used to connect different parts of a business and often have powerful access to internal systems — making them attractive targets for hackers.

In total, 18 different companies had security flaws exploited in 2024. The companies most affected were:

  • Microsoft (26 flaws)
  • Google (11 flaws)
  • Ivanti (7 flaws)
  • Apple (5 flaws)

Who’s Behind These Attacks?

Google says many of these attacks were carried out by:

  • Hackers supported by foreign governments, especially from China, Russia, South Korea, and North Korea
  • Companies that sell spying tools to governments
  • Criminal groups who want to steal money
  • Hackers doing both spying and stealing

For example, in November 2024, Google found that a Ukrainian government website had been secretly changed to launch attacks on people visiting it. Hackers used this site to steal login information for Microsoft accounts.

In another case, hackers used flaws in the Firefox web browser to get around security protections and install harmful software. The group behind this attack is known by several names, including RomCom and CIGAR. They used a hacked cryptocurrency news website to lure victims.

What’s Being Done About It?

Google says that although zero-day attacks are still happening, some companies are doing a better job of preventing them. Fewer flaws are being found in popular software because these companies have worked harder to secure their products.

But now, more attacks are focusing on business tools used by larger companies. These tools often come from smaller companies that may not have the same resources to keep them safe from hackers.

In short, the future of these attacks will depend on how quickly software companies can fix problems before hackers can exploit them.