In 2024, a total of 768 Common Vulnerabilities and Exposures (CVEs) were publicly reported as exploited in the wild for the first time, marking a 20% increase from the previous year, according to data released by VulnCheck. This surge in reported exploits highlights the growing challenges faced by organizations in protecting their systems and data from cyber threats.
Among these exploited vulnerabilities, approximately 23.6% were categorized as zero days, meaning that they were being actively exploited on or before the day their CVEs were publicly disclosed. While this percentage represents a slight decrease from the previous year’s figure of 26.8%, it underscores the persistent risk posed by zero-day vulnerabilities in the cybersecurity landscape.
The timeline for exploitation of these vulnerabilities varied, with half of the CVEs being reported as exploited within 192 days of their disclosure, and 75% within 1004 days. This indicates that exploitation activities can occur throughout a vulnerability’s lifecycle, emphasizing the need for organizations to remain vigilant and proactive in addressing security gaps.
Despite the emphasis on zero-day exploits, only 1% of the CVEs published in 2024 were publicly reported as exploited in the wild. This low percentage aligns with historical trends and suggests that while zero-day vulnerabilities attract significant attention, the majority of exploits occur post-disclosure.
VulnCheck’s analysis also revealed distinct spikes in exploit reports during certain periods, notably in April and May 2024. These spikes coincided with industry events such as the RSA Conference and the release of end-of-quarter cybersecurity research reports. Additionally, the inclusion of new sources of vulnerability exploitation data, such as the Shadowserver Foundation, further contributed to the increase in reported exploits.
The researchers highlighted the importance of organizations promptly disclosing instances of exploitation activity to enhance collective awareness and response to emerging threats. The diverse sources of initial evidence of CVE exploitation, including cybersecurity vendors, non-profit organizations, software companies, and social media sites, underscore the collaborative nature of threat intelligence sharing in combating cyber threats.
Overall, the baseline of exploited CVEs ranged from 30-50 per month, indicating a consistent level of vulnerability exploitation throughout the year. As organizations navigate the evolving cybersecurity landscape, it becomes essential to adopt a proactive and collaborative approach to effectively identify, mitigate, and respond to emerging security risks.