Spyware is a type of malicious software (malware) that secretly collects information about an individual or organization and sends it to another entity without the user's knowledge or consent. It can track browsing habits, capture keystrokes, steal login credentials, and more, potentially leading to identity theft, financial loss, and privacy breaches.
A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system that is not known to its owner, developer, or anyone capable of mitigating it. Until the vulnerability is fixed, threat actors can exploit it in a zero-day exploit or zero-day attack.
Google's Threat Intelligence Group (GTIG) reported that attackers exploited 75 zero-day vulnerabilities last year, more than 50% of which were associated with spyware attacks. These numbers are down from 97 0-days in 2023, but up from 63 in 2022.
Cyber-espionage threat actors are individuals or groups that engage in espionage activities within cyberspace, targeting organizations and individuals to steal confidential information, intellectual property, or sensitive communications. These actors can include state-sponsored entities, cybercriminals, hacktivists, and even insider threats.
GTIG noted that cyber-espionage threat actors were responsible for more than half of 0-day attacks in 2024. Of these, China-linked groups exploited five 0-days, eight commercial surveillance customers, while North Korean operators were linked to five 0-day exploits for the first time.
Last year, Google's Threat Analysis Group (TAG) and Google-owned subsidiary Mandiant reported 97 zero-day attacks, a more than 50 percent increase from the 62 vulnerabilities the previous year, many of which were also linked to spyware vendors and their clients.
0 Comments