Google discovered the most 0-day vulnerabilities in 2023

Google said that 80 percent of the zero-day vulnerabilities identified in 2023 by the Google Threat Analysis Group (TAG) are related to commercial spyware vendors. These vulnerabilities were used to spy on various devices and their owners around the world.

Typically, spyware vendors direct attacks against journalists, activists, and political figures on behalf of their customers, including governments and private organizations.

Google’s monitoring has revealed that 35 of the 72 known zero-day exploits affecting its products over the past ten years can be linked to commercial spyware vendors. These findings underscore the importance of continuous monitoring and detection of such threats to ensure the security of users and the community at large.

Google reports that this estimate is a minimum because only known 0-day exploits are considered. The actual number of such exploits created by commercial spyware vendors targeting Google products is likely higher due to undetected exploits, anonymous authorship, and cases where vulnerabilities were patched before exploitation was discovered.

The report from Google mentions prominent commercial spyware vendors including Candiru, Cy4Gate, DSIRF, Intellexa, Negg, NSO Group, PARS Defense, QuaDream, RCS Lab, Variston and Wintego Systems. Here is information on some of them:

  • Cy4Gate and RCS Lab: Italian companies known for the spying programs Epeius and Hermit for Android and iOS. Cy4Gate acquired RCS Lab in 2022, but they operate independently.
  • Intellexa: an alliance of companies, led by Tal Dilian since 2019, that provides end-to-end surveillance solutions, including Cytrox’s Predator and WiSpear Wi-Fi tools.
  • Negg Group: an Italian company founded in 2013, known for Skygofree and VBiss programs that target mobile devices and use exploit chains for attacks.
  • NSO Group: an Israeli company known for the Pegasus program and other sophisticated espionage tools, which continues to operate despite sanctions and legal challenges.
  • Variston: a Spanish company that offers customized security solutions, collaborates with 0-day exploit brokers, and is associated with the Heliconia framework being developed in the UAE.

These companies sell licenses for their products for millions of dollars, allowing customers to infect Android or iOS devices with undocumented 1-click and zero-click exploits. Some attacks also exploit n-day vulnerabilities, for which patches are already available but delays in deploying those patches leave devices exploitable.

Google notes that vendors of legitimate spyware are becoming more aggressive in finding zero-day vulnerabilities, having developed at least 33 exploits between 2019 and 2023.

The company’s report includes a list of 74 0-day vulnerabilities exploited by 11 commercial spyware vendors. Most of them affect Google Chrome (24) and Android (20), followed by Apple iOS (16) and Windows (6).

In addition, it is noted that when vulnerabilities are discovered and fixed, spyware creators incur significant operational and financial losses, so they look for alternative means of infection.

Every time Google and other researchers discover and report new vulnerabilities, it creates difficulties for commercial spyware vendors and hampers their development processes, Google reports. When we identify and remediate vulnerabilities used in attacks, it not only protects users, but also prevents these companies from honoring their commitments to customers, worsening their financial situation and increasing the cost of maintaining their businesses.

However, experts note that this is not enough to stop the spread of spyware, as the demand for these tools is high and the contracts are too attractive for development companies to simply give up.

Google is calling for more active measures against the spyware industry, such as improving inter-governmental cooperation, introducing strict rules to regulate the use of surveillance technologies, and taking diplomatic action against countries with non-compliant vendors.
