Widespread threats increase by 38% in 2021 - Rapid7 report
Rapid7 has released its latest Vulnerability Intelligence Report detailing the most significant security vulnerabilities and cyber attacks in 2021.
The report found that of the 50 vulnerabilities that posed a substantial threat, 43 were acted upon. For vulnerabilities that the report classified as 'widespread threats,' the scale at which they were carried out grew by 136% compared to the previous year.
Additionally, Rapid7 says security professionals prioritise and address viable threats from a considerable number of reported vulnerabilities.
Rapid7 adds that its researchers analyse thousands of vulnerabilities every year to ascertain root causes, eliminate misconceptions, and share information on what flaws are more likely to be exploited and why.
The company's team then uses this research to construct a report of the highest priority CVEs based on the likelihood of their widespread exploitation.
"We research and publish this report to contextualise the vulnerabilities that introduce serious risk to a wide range of organisations," vulnerability research manager and lead Vulnerability Intelligence Report author, Caitlin Condon, says.
"Our goal is to highlight exploitation trends, explore attacker use cases, and offer a framework for understanding new security threats as they arise."
Key findings from the research report include:
- A major increase in broad, opportunistic exploitation in 2021, with 66% of vulnerabilities in this year's report classified as widespread threats, compared to only 28% in 2020.
- Ransomware operations account for over 60% of the widespread threats cited in this report, and more than half of widespread threats began with a zero-day exploit.
- 52% of the known exploited vulnerabilities in this report came under attack within one week of public disclosure.
- The average time to known exploitation also decreased from 42 days in 2020 to just 12 days in 2021.
"In years past, vulnerabilities and hacking incidents led to fewer widespread attacks," Condon adds.
"The recent increase in ransomware, coin mining, and other widespread attacks means the probability of an "average business" being targeted has correspondingly increased."
The release of this report comes after Rapid7 acquired IntSights Cyber Intelligence in July 2021.
Under the terms of the agreement, Rapid7 paid approximately $335 million in cash and stock to acquire IntSights, a specialist in contextualised external threat intelligence and proactive threat remediation.
On the reasoning behind the acquisition, Rapid7 stated that the attack surface had increased exponentially with digital transformation, making it imperative for security teams to have early, contextualised threat detection across their internal and external environments.
However, the company noted that teams are also often under-resourced and overburdened, inundated with data from their own environment, prompting a growing demand for solutions that help to identify what needs immediate action.
Furthermore, the acquisition has allowed Rapid7 to combine its community-infused threat intelligence and understanding of customer environments with the company's external threat intelligence capabilities.