GreyNoise 2025 Mass Internet Exploitation Report: Attackers Are Moving Faster Than Ever — Are You Re
Summary:
According to a new report from GreyNoise, 40% of exploited CVEs in 2024 were at least four years old, with some dating back to the 1990s. Furthermore, in 2024, ransomware groups leveraged 28% of vulnerabilities listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that mass exploitation is a major driver of financially motivated attacks. The security firm also observed multiple CVEs being exploited before they were added to the KEV catalog, highlighting the need for real-time intelligence. Notably, home routers and IoT devices were the most frequently targeted in 2024, with actors exploiting the following vulnerabilities:
Threat actors are exploiting vulnerabilities at an alarming speed, often outpacing the ability of security teams to assess, prioritize, and deploy patches. This rapid exploitation is especially prevalent among ransomware groups, who have automated the process of identifying and exploiting known vulnerabilities to gain initial access to organizational networks and systems. Once inside, these actors can quickly exfiltrate sensitive data and deploy malicious payloads. A particularly concerning trend is the growing exploitation of home routers and IoT devices, which are increasingly vulnerable to cyberattacks. These devices are often overlooked by organizations, making them prime targets for attackers. By compromising these devices, threat actors can create large-scale botnets, which are then used to carry out a range of malicious activities, such as distributed denial-of-service attacks, further disrupting operations and facilitating the spread of malware.
Suggested Corrections:
To counter the mass exploitation of vulnerabilities, organizations should implement a proactive, automated security plan that includes real-time threat intelligence for rapid detection and response. Continuous vulnerability management and prioritizing patching based on risk are essential, as well as securing home routers and IoT devices. Overall, leveraging machine learning and AI-driven tools can help automate threat detection, enhance response times, and improve visibility into attack surfaces to stay ahead of evolving threats such as ransomware and exploitation tactics.
Link(s):
https://www.greynoise.io/blog/2025-mass-internet-exploitation-report
According to a new report from GreyNoise, 40% of exploited CVEs in 2024 were at least four years old, with some dating back to the 1990s. Furthermore, in 2024, ransomware groups leveraged 28% of vulnerabilities listed on CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that mass exploitation is a major driver of financially motivated attacks. The security firm also observed multiple CVEs being exploited before they were added to the KEV catalog, highlighting the need for real-time intelligence. Notably, home routers and IoT devices were the most frequently targeted in 2024, with actors exploiting the following vulnerabilities:
- CVE-2018-10561 (GPON Router Worm) – 96,042 unique IPs
- CVE-2014-8361 (Realtek Miniigd UPnP Worm) – 41,522 unique IPs
- CVE-2016-6277 (NETGEAR Command Injection) – 40,597 unique IPs
- CVE-2023-30891 (Tenda AC8 Router Exploit) – 29,620 unique IPs
- CVE-2016-20016 (MVPower CCTV DVR RCE) – 17,496 unique IPs
Threat actors are exploiting vulnerabilities at an alarming speed, often outpacing the ability of security teams to assess, prioritize, and deploy patches. This rapid exploitation is especially prevalent among ransomware groups, who have automated the process of identifying and exploiting known vulnerabilities to gain initial access to organizational networks and systems. Once inside, these actors can quickly exfiltrate sensitive data and deploy malicious payloads. A particularly concerning trend is the growing exploitation of home routers and IoT devices, which are increasingly vulnerable to cyberattacks. These devices are often overlooked by organizations, making them prime targets for attackers. By compromising these devices, threat actors can create large-scale botnets, which are then used to carry out a range of malicious activities, such as distributed denial-of-service attacks, further disrupting operations and facilitating the spread of malware.
Suggested Corrections:
To counter the mass exploitation of vulnerabilities, organizations should implement a proactive, automated security plan that includes real-time threat intelligence for rapid detection and response. Continuous vulnerability management and prioritizing patching based on risk are essential, as well as securing home routers and IoT devices. Overall, leveraging machine learning and AI-driven tools can help automate threat detection, enhance response times, and improve visibility into attack surfaces to stay ahead of evolving threats such as ransomware and exploitation tactics.
Link(s):
https://www.greynoise.io/blog/2025-mass-internet-exploitation-report