Attackers deploying exploits faster than ever, finds Rapid7
Rapid7 has announced the release of its latest Vulnerability Intelligence Report, examining 50 of the most notable security vulnerabilities and high-impact cyberattacks in 2022. The report highlights exploitation trends, explores attacker use cases, and offers a framework for understanding new security threats as they arise.
A significant finding from the report is that attackers are developing and deploying exploits faster than ever.
In total, the report includes 45 vulnerabilities that were exploited in the wild, of which 44% arose from zero-day exploits. Whereas 56% of the vulnerabilities in the report were exploited within seven days of public disclosure, which is a 12% rise over 2021, and an 87% rise over 2020.
All the more, the median time to exploitation was just one day in 2022.
The Rapid7 report also notes that only 14 of the vulnerabilities are known to have been exploited to carry out ransomware attacks. It is a 33% decrease from 2021, despite consistent ransomware activity.
The decrease may indicate that ransomware operations have become less reliant on new vulnerabilities, but other factors, including lower reporting of ransomware incidents, may also cause it.
This report's other vulnerability and exploit trends include ransomware ecosystem complexity, privilege escalation from the network perimeter, and the long tail of exploitation across older vulnerabilities.
“Rapid7’s team of vulnerability researchers work around the clock to thoroughly investigate and provide critical context into emergent threats,” says Caitlin Condon, Rapid7 vulnerability research manager and lead author of the Vulnerability Intelligence Report.
“We produce the annual Vulnerability Intelligence Report to help organisations understand attack trends and proactively address the unique and shared threats they face. The ransomware ecosystem and the cybercrime economy have continued to mature and evolve. As a result, we saw many more ransomware families actively compromising organisations in 2022, which naturally creates challenges for threat tracking and reporting."
Security, IT, and other teams tasked with vulnerability management and risk reduction operate in high-urgency, high-stakes environments where informed decision-making hinges on quickly separating signal from noise.
When a new potential threat emerges, information security professionals often need to translate vague descriptions and untested research artefacts into actionable intelligence for their particular risk models.
“Rapid7 is known for its ongoing research initiatives that keep its customers and the broader business community safer. The company is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise,” says Condon.
“Rapid7’s comprehensive security solutions help more than 10,000 global customers unite cloud risk management and threat detection to reduce attack surfaces and eliminate threats with speed and precision. The Rapid7 Insight Platform collects data from across your environment, making it easy for teams to manage vulnerabilities, monitor for malicious behaviour, investigate and shut down attacks, and automate your operations.”