Qualys 2024 Midyear Threat Landscape Review

Summary:
Qualys’ new 2024 Midyear Threat Landscape Review highlights a growing number of reported Common Vulnerabilities and Exposures (CVEs). Comparing the January to mid-July period of 2023 and 2024, the count of reported CVEs increased by 30%, from 17,114 in 2023 to 22,254 in 2024. Notably, in 2024, only 0.91% of reported vulnerabilities have been weaponized in attacks in the wild. Despite this low percentage, researchers note that the impact and severity of these weaponized vulnerabilities are disproportionately high.

In its report, Qualys published a list of the top 10 exploited vulnerabilities in 2024, all of which have been listed on CISA’s KEV catalog. These vulnerabilities impact a range of different products, including Ivanti Connect and Policy Secure Web (CVE-2024-21887, CVE-2023-46805, CVE-2024-21893), Microsoft Windows (CVE-2024-21412, CVE-2024-21762), Palo Alto Networks (PAN-OS) (CVE-2024-3400), ConnectWise ScreenConnect (CVE-2024-1709), Cisco NX-OS (CVE-2024-20399), Jenkins Core (CVE-2024-23897), and Fortinet FortiOS (CVE-2024-21762). Successful exploitation of these flaws could enable actors to bypass authentication, escalate privileges, execute code remotely, perform command injection, and more.

Security Officer Comments:
Qualys emphasized that nearly half of weaponized CVEs pertain to vulnerabilities in public-facing applications, highlighting the need for organizations to assess and secure external-facing components to mitigate potential impact. There has also been a noticeable trend in actors performing lateral movement by utilizing remote services, indicating attackers are often exploiting vulnerabilities to navigate through the network after an initial foothold is secured. As such, organizations have been encouraged to enhance internal network security and implement active monitoring systems.

Suggested Corrections:
Organizations should ensure regular updates, diligent patch management, and advanced threat detection systems are in place to mitigate the risks associated with high-critical vulnerabilities that are often exploited for initial access, lateral movement, and malware deployment, including ransomware. In general, Qualys recommends organizations prioritize addressing vulnerabilities actively exploited in the wild (such as those listed in the CISA KEV catalog), those with a high likelihood of exploitation, and those for which weaponized exploit code is available.

Link(s):
https://blog.qualys.com/vulnerabili...24/08/06/2024-midyear-threat-landscape-review