The Zero Day Initiative Threat Hunting team had a busy year in 2024, identifying numerous threat actor campaigns that exploited zero-day vulnerabilities and discovering new vulnerabilities through in-the-wild research. Among the year's key achievements were zero-day exploits found under active exploitation in the wild, such as CVE-2024-21412, CVE-2024-29988, CVE-2024-38112, and CVE-2024-43461. The respective software vendors addressed and patched these vulnerabilities, and Trend Micro customers received additional protection from virtual patches. The team also discovered variants of these vulnerabilities, such as CVE-2024-38213 and CVE-2024-49041, which Microsoft patched.

This research highlighted the need for comprehensive patching and the difficulty of balancing immediate threat response with systemic fixes. The team also identified trends and pain points in the software patching industry: increasingly sophisticated phishing campaigns, narrow patching, and siloed product teams. The use of artificial intelligence and large language models has enabled threat actors to generate convincing phishing content, making phishing increasingly hard to distinguish from legitimate content. The team emphasized that secure-by-design and secure-by-default principles are key to making products more secure across vendors and the wider software ecosystem.

Looking ahead to 2025, the team expects continued challenges in the software patching industry, including the need for more comprehensive patching and better communication between product teams.
thezdi.com