Mandiant released a report analyzing zero-day exploitation trends in 2022 and their relation to nation state cyber activity. Overall, the company tracked 55 zero-day vulnerabilities (measured as a vulnerability exploited in the wild before a patch was released) over the course of the year, a significant increase in comparison to prior years, though not comparable to the record breaking 81 exploits tracked in 2021. Mandiant is confident that 13 of those zero-days were exploited by state actors, with China as the most enthusiastic participant, utilizing seven zero-days. Analysis of this activity found that Chinese threat groups largely focus on network devices and that zero-days exploited by one Chinese group will eventually spread to others, suggesting a formalized logistical process. Russia and North Korea were tied at two zero-days utilized, while financial criminal groups employed four. The report goes on to cover trends in financial exploitation and any implications for cyber security professionals. Members are encouraged to review the report to assist with vulnerability management through identifying the top exploited CVEs based on the products and platforms used in your environment and prioritize accordingly. Read more at Mandiant.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!