When Zero-Day Hits, Will Your Defense Stand?

Zero-day vulnerabilities literally have no remediation at the time of discovery and/or exploitation. Think about it: they are called zero-day vulnerabilities for a reason, right? But what is that reason? Before we get into this article, let us first define what a zero-day vulnerability is.

IBM defined it as an attack vector that takes advantage of an unknown or unaddressed security flaw in computer software, hardware, or firmware. We can also define it as a flaw in software or a system that is unknown to the vendor or developer, meaning no patch or fix has been created to address it. This leaves the vulnerable system exposed to exploitation by malicious actors before the vendor can become aware of the issue and release a solution.  

Simply put, it is any vulnerability where the vendor has zero days to fix it.

The Zero-day Market

Over the years, zero-day vulnerabilities have been discovered and exploited in the wild. This has cost organizations (small, large, medium) billions of dollars. According to Google’s threat intelligence report titled “Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis,” in the year 2023 alone, there were about 63 zero-day vulnerabilities that were found and exploited in the wild. But wait, the number 63 seems very low, right? Whenever we talk about cybersecurity, we are always talking millions, if not billions, of dollars, yes? But wait a second, the number is not small at all. In fact, a study published by SIRP (a security automation service provider), in their report titled “Behind the Rise of the Million Dollar Zero-Day Market,” showed that from the year 2019, the zero-day market has grown to millions of dollars. They found that zero-days are sold to cybercriminals and novice groups for around $10,000,000. That is TEN MILLION DOLLARS. This made it a very attractive market for cybercriminals.

The threat intelligence report by Google also showed that there was a huge growth in the exploitation of zero-day vulnerabilities in the year 2023, with about 98 zero-day vulnerabilities being discovered and exploited in the wild. Assuming each vulnerability costs about ten million dollars ($10,000,000), multiply that by 98 and you will see the cost to be nine hundred eighty million dollars ($980,000,000), which is almost a billion in the zero-day market alone.

A Decrease in Zero-day vulnerabilities in the year 2024

The year 2024 witnessed a decline in the number of zero-day vulnerabilities exploited in the wild, with only 75 of them. We said only, right? Well, you know how to do the maths; you will see the probable numbers in hundreds of millions of dollars. The Google Threat Intelligence Group attributed this decrease to vendors’ improvements that are impacting some exploit trends.

Here is something interesting about this decrease between the years 2023 and 2024. There has been a pattern in the security community where a certain type of attack goes down in a specific year, and in the next year or two it grows to supersede the previous years. It was also noted that 37% of the zero-days in 2023 targeted enterprise-specific technologies, and this increased in the year 2024 to 44%. A bigger target usually means bigger money for the criminals. This shows that the decrease in number does not necessarily mean a decrease in financial losses.

How useful are your numbers if they don’t help your organization prevent losses and improve business growth, right?

Most Targeted Vendors: A Reality Check

It’s highly likely that your organization relies on one or more products from vendors who were heavily targeted by zero-day vulnerabilities in the past year. These aren’t obscure names; they’re industry giants that dominate enterprise environments. Microsoft topped the list with 26 zero-day vulnerabilities exploited, followed by Google with 11. Ivanti climbed to third, with 7 zero-days, underscoring a growing threat actor interest in networking and security infrastructure over traditional consumer or productivity technologies. In a notable shift, Apple dropped to fourth place, with exploitation detected in only five zero-days.

Ivanti’s entry into the top three marks a significant shift: a security vendor was targeted more frequently than a mainstream tech provider. This trend aligns with increased PRC-backed threat activity focusing on network and security technologies, a point we explore further in the next section. Importantly, the frequency of exploitation doesn’t necessarily reflect a vendor’s security posture or development practices. Instead, it speaks to threat actor priorities and the strategic value they place on certain systems and platforms.

Our fair share.

CyberPlural responded to an incident in the middle of last year that was made possible by a well-known vulnerability in Veeam Backup & Replication, which threat actors quickly exploited even after a patch was released. This incident response led to information sharing with the national CERT (ngCERT), providing the details needed to publish an advisory to help other organisations prevent this attack. It was a way of contributing to threat intelligence within the community.

This year has seen its fair share already

The year 2025 has already seen lots of zero-day vulnerabilities exploited in the wild. These include, but are not limited to: CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System; CVE-2025-27480/CVE-2025-27482, Windows Remote Desktop Services Remote Code Execution Vulnerability; CVE-2025-42999, Deserialization of Untrusted Data; and many more. This year has seen its fair share already, with many more to come.

What is your organization doing?

With the growing number of zero-day vulnerabilities and other types of vulnerabilities, worth millions of dollars, being exploited almost every day, what is your organization doing? Are you waiting until your organization is hit before you respond? Do you even have an incident response plan? Do you think this is just a myth, stories we tell to scare children at night? Do you think the attackers have nothing to gain if they attack your organization? Maybe you still believe investing in cybersecurity is a waste of resources?

There are hundreds of questions to ask, but the most important one is: what is your organization doing to tackle cyber threats (zero-day and others)?

How can we help in saving your organisation?

At CyberPlural, we adopt a proactive approach to security instead of a reactive one. Our goal is to assist organizations of all sizes and sectors in preparing for future challenges, mitigating impacts, reducing risks, and ultimately fostering a proactive stance in cybersecurity.

A key takeaway is this: “In the security world, the enemy is always one step ahead. Our mission is to be two steps ahead.” (CyberPlural MSSP) Take action today to avoid telling the story tomorrow.

By Birma Yakubu and Joy Jesubi
