Transition to incident response
Rapid7 researchers tracked more than 60 vulnerabilities that saw widespread exploitation in 2023 and earlier this year. Of those, more than half were new vulnerabilities discovered during this period; of these new vulnerabilities, 53% were zero days when they were first discovered.
It’s worth noting that Rapid7 researchers consider a vulnerability to be seeing large-scale or widespread exploitation if it is used in real-world attacks to target multiple organizations across different industry verticals and geographies. The researchers noted that their tracking does not include zero-day vulnerabilities for which only proof-of-concept exploits were published online.
They also didn’t count exploit attempts against the thousands of honeypots deployed by security companies around the world as actual attacks because doing so would distort the perception of how widespread the threat is, potentially distracting organizations from prioritizing where to direct their limited resources.
“Organizations should expect to conduct investigations of responses that look for indicators of compromise (IOCs) and post-exploitation work during widespread threat events in addition to activating emergency response agreements,” advise the researchers.
Shorter exploit cycles, more security
The number of zero-day exploits has exploded since 2021, and the threat actors using them are no longer limited to government-sponsored cyberespionage groups but also include cybercriminal groups pushing ransomware and crypto-mining malware. In 2020, n-day exploits outnumbered zero-days by a ratio of 3 to 1; in 2021, zero-days accounted for more than half of widespread attacks, and the share has not returned to previous levels.
“Starting in 2021, Rapid7 researchers tracked the time between when a vulnerability became known to the public and when it was (reliably) reported as being exploited in the wild,” the researchers said. “This window, which we call the ‘Time to Known Exploit,’ or TTKE, has shrunk significantly over the past three years, largely due to the frequent zero-day attacks.”