Cyber criminals are exploiting vulnerabilities faster than ever, according to new findings from Rapid7.
The US-based cyber security organisation released its 2022 Vulnerability Intelligence Report, outlining the current exploitation trends bad actors follow.
“The ransomware ecosystem and the cyber crime economy have continued to mature and evolve,” said Rapid7 vulnerability research manager and lead author of the report Caitlin Condon.
“We saw many more ransomware families actively compromising organisations in 2022, which naturally creates challenges for threat tracking and reporting.”
Rapid7 discovered that the time between a vulnerability being discovered and being exploited is getting shorter and shorter. Zero-day exploits, while slightly less frequent in 2022, were the source of 43 per cent of widespread threats, while 56 per cent of all vulnerabilities analysed in the report were exploited within seven days of being found.
As a result, cyber security organisations and security teams are fighting an uphill battle with an increasing gradient, as they have less and less time to patch these vulnerabilities.
Combined with a skills shortage that’s leaving teams without resources and staff, and hacking groups becoming more sophisticated, defending against vulnerability exploitation is getting drastically more difficult.
There has also been a 33 per cent drop year over year in “vulnerabilities mapped definitely to ransomware operations”, with only 14 of the vulnerabilities in the report meeting that criterion.
However, this doesn’t mean that attackers are slowing down, but rather that their methods are getting more complex and have lower industry visibility, making things harder again for security teams.
Twenty-eight net-new widespread threats were detected by Rapid7 in 2022, many of which exploited vulnerabilities to deliver ransomware, botnet malware, web shells, and/or cryptocurrency miners.
Widespread exploitation of new vulnerabilities did decline 15 per cent year over year.
In light of the new findings, Rapid7 has advised that security teams have emergency planning procedures and incident response playbooks in place; follow a defined patch cycle that prioritises network edge technologies like firewalls and virtual private servers (VPS), as well as actively exploited common vulnerabilities and exposures (CVEs); maintain operating system level updates; and ensure that internet exposure of critical infrastructure is limited and monitored.
The full report can be found here.