2024 Trends in Vulnerability Exploitation

Summary:
While the compromise of user credentials and phishing are popular tactics employed in cyberattacks, the widespread adoption of multi-factor authentication has led adversaries to focus more on exploiting vulnerabilities to gain initial access to organizational networks. According to a new report from VulnCheck, 768 CVEs were publicly reported as exploited in the wild in 2024, up 20% from the previous year (639 CVEs exploited in 2023). This represents 1% of all CVEs published in 2024, with researchers anticipating this number to continue rising. Notably, 23.6% of known exploited vulnerabilities in 2024 were targeted on or before the public disclosure of their CVEs, underscoring the sophistication of adversaries and their ability to swiftly identify and exploit vulnerabilities.

Security Officer Comments:
The release of proof-of-concept (POC) code by researchers and security vendors has contributed to the rise in vulnerability exploitation. POCs serve as valuable resources for organizations and individuals to identify, understand, and secure potential weaknesses in their systems, providing clear guidance on how to mitigate these risks. However, these detailed step-by-step instructions are also a double-edged sword, allowing cybercriminals to easily exploit vulnerabilities left unpatched.

Suggested Corrections:
As the number of publicly disclosed and exploited CVEs continues to rise, it is crucial for organizations to implement regular updates, robust patch management, and advanced threat detection systems to mitigate the risks associated with vulnerabilities commonly used for initial access, lateral movement, and malware deployment. Overall, organizations should prioritize addressing vulnerabilities that are actively exploited in the wild (such as those listed in CISA's KEV), those with a high likelihood of exploitation, and those for which weaponized exploit code is readily available.
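
The prioritization above can be applied to scanner output as a simple triage pass. The following is an added example, not code from VulnCheck or CISA. It assumes a KEV feed with `cveID` and `dueDate` fields, hypothetical finding fields `exploit_prob` and `weaponized`, an assumed 0.5 likelihood cut-off, and a tier order that follows the order of the recommendation; all CVE IDs and assets are constructed placeholders.

```python
import json

# Constructed sample in the shape of CISA's KEV JSON feed (placeholder CVE IDs).
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2024-03-01", "dueDate": "2024-03-22"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2024-06-10", "dueDate": "2024-07-01"},
]})

# Constructed scanner findings. "exploit_prob" (0-1) and "weaponized" are
# hypothetical fields standing in for whatever likelihood score and exploit
# intelligence an organization has available.
FINDINGS = [
    {"cve": "CVE-0000-0001", "asset": "vpn-gw-01", "exploit_prob": 0.12, "weaponized": False},
    {"cve": "CVE-0000-0002", "asset": "web-03", "exploit_prob": 0.91, "weaponized": False},
    {"cve": "CVE-0000-0003", "asset": "db-02", "exploit_prob": 0.05, "weaponized": True},
    {"cve": "CVE-0000-0004", "asset": "mail-01", "exploit_prob": 0.97, "weaponized": True},
    {"cve": "CVE-0000-0005", "asset": "hr-app", "exploit_prob": 0.02, "weaponized": False},
    {"cve": "cve-0000-0001", "asset": "vpn-gw-02", "exploit_prob": 0.12, "weaponized": False},
]

HIGH_LIKELIHOOD = 0.5  # assumed cut-off, tune to your own risk appetite


def load_kev(feed_text):
    """Map CVE ID -> remediation due date from a KEV-shaped JSON document."""
    return {v["cveID"].upper(): v["dueDate"] for v in json.loads(feed_text)["vulnerabilities"]}


def triage(findings, kev):
    """Return findings sorted by tier (1 = patch first), then due date / likelihood."""
    ranked = []
    for f in findings:
        cve = f["cve"].strip().upper()  # scanners disagree on case; normalize
        if cve in kev:
            tier, reason = 1, "exploited in the wild (KEV)"
        elif f["exploit_prob"] >= HIGH_LIKELIHOOD:
            tier, reason = 2, "high likelihood of exploitation"
        elif f["weaponized"]:
            tier, reason = 3, "weaponized exploit code available"
        else:
            tier, reason = 4, "routine patch cycle"
        ranked.append({**f, "cve": cve, "tier": tier, "reason": reason, "due": kev.get(cve)})
    # Within a tier: earliest KEV due date first, then highest likelihood.
    ranked.sort(key=lambda r: (r["tier"], r["due"] or "9999", -r["exploit_prob"]))
    return ranked


if __name__ == "__main__":
    for r in triage(FINDINGS, load_kev(KEV_FEED)):
        print(r["tier"], r["cve"], r["asset"], r["reason"], r["due"] or "-")
```

Note that a KEV-listed finding with a low likelihood score (vpn-gw-01 here) still lands in tier 1: confirmed exploitation outranks any prediction.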

Link(s):
https://vulncheck.com/blog/2024-exploitation-trends