Nearly half of all zero-day vulnerabilities tracked by Google last year targeted enterprise technologies, the company revealed in its annual security report, representing a record share as hackers increasingly focus on corporate networks rather than individual users.
The report found that 48% of tracked zero-days affected products used by corporations and large businesses. Of those enterprise-focused vulnerabilities, roughly half specifically hit the security and networking tools companies deploy to defend themselves.
Security Tools Become the Target
Firewalls made by Cisco and Fortinet, along with VPN and virtualization platforms from Ivanti and VMware, ranked among the most targeted vendors. All four companies have confirmed that hackers exploited their products on customer networks in recent months.
Google’s researchers found that attackers exploited common flaws in these devices, including weak input validation and incomplete authorization processes. These bug classes are generally easier to exploit, though they typically require a software patch to resolve.
The remaining enterprise zero-days hit other business software. As a prominent example, Google cited the Clop extortion gang’s campaign against Oracle E-Business Suite customers, a campaign that let attackers extract large volumes of human resources data from dozens of organizations. Among the affected were Harvard University, American Airlines subsidiary Envoy, and The Washington Post.
Consumer Platforms Still Account for the Majority
The remaining 52% of zero-days affected consumer and end-user products from companies including Microsoft, Google, and Apple. Most of those were found in operating systems, with mobile devices showing higher zero-day counts than in previous years.
The split signals a deliberate shift in attacker priorities. Enterprise security devices, by design, sit at the edge of corporate networks with broad access to internal systems. A single compromised firewall or VPN appliance can grant entry to an entire organization, making these devices high-value targets relative to the effort required.
Surveillance Vendors Outpace State Espionage Groups
Google also reported attributing more zero-days to commercial surveillance vendors than to traditional government-backed espionage operations. Surveillance vendors typically develop spyware and exploit tools on behalf of state clients to compromise mobile devices.
Google described this as reflecting “a slow but sure movement in the landscape” in how governments acquire and deploy hacking capabilities. Rather than building tools in-house, states appear to be increasingly outsourcing their offensive operations to private contractors.
- 48% of tracked zero-days targeted enterprise technologies
- About half of those hit security and networking devices specifically
- Top targeted vendors included Cisco, Fortinet, Ivanti, and VMware
- 52% of zero-days affected consumer products across Microsoft, Google, and Apple
- Commercial surveillance vendors surpassed state espionage groups in zero-day attribution
The findings point to a straightforward calculus driving the trend: enterprise security devices carry broad network access and often run outdated or difficult-to-patch software. For attackers seeking to move quietly through corporate infrastructure, they represent an efficient entry point.