In 2023 and the beginning of this year, Rapid7 researchers have observed a significant rise in the exploitation of vulnerabilities, with more than 60 flaws being targeted in widespread attacks. Over half of these vulnerabilities were newly discovered during this period, and a striking 53% of them were zero-day flaws when first identified.
The researchers at Rapid7 define a vulnerability as being exploited on a mass scale when it is utilized in real-world attacks against numerous organizations across various industries and geographic locations. It is important to note that they did not include zero-day flaws that only had proof-of-concept exploits published on the internet in their monitoring.
Moreover, the researchers did not classify exploitation attempts on honeypots set up by security firms worldwide as actual attacks. This distinction was made in order to prevent organizations from being misled about the true extent of a threat, thus allowing them to effectively allocate their resources.
In light of these developments, the researchers have advised organizations to be prepared for incident response investigations during widespread threat events. This includes actively searching for indicators of compromise (IOCs) and post-exploitation activities, in addition to implementing emergency patching protocols.
The surge in zero-day exploits over the years has been accompanied by a shift in the threat actors using them. While previously dominated by state-sponsored cyberespionage groups, these exploits are now also being leveraged by cybercrime gangs specializing in ransomware and cryptomining malware. The balance has tipped significantly, with zero-day exploits surpassing n-day exploits in widespread attacks since 2021.
Rapid7 researchers have been closely monitoring the “Time to Known Exploitation” (TTKE) metric since 2021. This metric measures the interval between when a vulnerability becomes public knowledge and when it is reliably reported as being exploited in the wild. The researchers have observed a substantial narrowing of this window in recent years, largely due to the prevalence of zero-day attacks.
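As an added illustration, not taken from the Rapid7 report, the following Python computes TTKE for a constructed set of disclosure and first-known-exploitation dates, labels each entry zero-day (exploited at or before public disclosure) or n-day as the metric implies, and summarizes the zero-day share and the median n-day window; the record layout and all dates are assumptions.

```python
from datetime import date
from statistics import median

# Constructed sample records (not real vulnerabilities): the date the flaw became
# public knowledge and the date exploitation in the wild was first reliably reported.
SAMPLE = [
    {"id": "VULN-A", "disclosed": date(2023, 1, 10), "exploited": date(2023, 1, 10)},
    {"id": "VULN-B", "disclosed": date(2023, 2, 1),  "exploited": date(2023, 2, 15)},
    {"id": "VULN-C", "disclosed": date(2023, 3, 5),  "exploited": date(2023, 3, 2)},
    {"id": "VULN-D", "disclosed": date(2023, 4, 20), "exploited": date(2023, 6, 1)},
]


def ttke_days(disclosed, exploited):
    """Time to Known Exploitation in days.

    A value <= 0 means exploitation was known before or on the day of public
    disclosure, i.e. defenders had no patching window at all.
    """
    return (exploited - disclosed).days


def classify(record):
    """Label a record zero-day when exploitation was known at or before
    disclosure, otherwise n-day."""
    return "zero-day" if ttke_days(record["disclosed"], record["exploited"]) <= 0 else "n-day"


def summarize(records):
    """Return the zero-day share and the median TTKE of the n-day entries.

    Zero-days are excluded from the median so that negative or zero windows do
    not mask how quickly n-day flaws are picked up after disclosure.
    """
    labels = [classify(r) for r in records]
    nday_ttke = [
        ttke_days(r["disclosed"], r["exploited"])
        for r, label in zip(records, labels)
        if label == "n-day"
    ]
    return {
        "total": len(records),
        "zero_day_share": labels.count("zero-day") / len(records) if records else 0.0,
        "median_nday_ttke_days": median(nday_ttke) if nday_ttke else None,
    }


if __name__ == "__main__":
    for r in SAMPLE:
        print(r["id"], classify(r), ttke_days(r["disclosed"], r["exploited"]))
    print(summarize(SAMPLE))
```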
As the cybersecurity landscape continues to evolve rapidly, organizations are facing increasing security strain from shorter exploit cycles and more sophisticated threat actors. It is crucial for businesses to stay vigilant, proactively address vulnerabilities, and enhance their incident response preparedness in order to effectively mitigate the risks posed by these developments.
