The race continues over which side of cybersecurity will gain the upper hand in the next few years. There is some good news and some alarming news. But one detail stands out in the 2022 study by Rapid7: the bad side appears to be gaining speed.
Rapid7’s Vulnerability Intelligence Report found that criminal hackers are building and unleashing exploits much faster than they did before, leaving businesses with a shrinking window of time to respond. According to the report, which examined 50 vulnerabilities that pose a serious risk to companies, 56% of vulnerabilities were exploited within seven days of their public disclosure. That represents a 12% increase over the same figure for 2021 and an 87% rise over the figure for 2020.
Meanwhile, the median time for exploitation in 2022 was just one day across all the vulnerabilities examined in the report. A whopping 43% of widespread threats began with a zero-day exploit.
While both those figures already trigger alarm bells, they are lower than those for 2021. The average time to known exploitation (TTKE) in 2022 was 24.5 days, a vast improvement over the 2021 figure of just 12 days. However, averages can be skewed by outlying data points (a single exploit that takes several weeks, for example). That is why the median value, rather than the average, paints a more accurate and complete picture. In this case, the 12% year-over-year rise in exploits within one week of disclosure should send shivers down every IT security expert’s spine. More alarmingly, nearly 80% of all those exploits were pulled off by criminal hackers within a single day.
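To make the average-versus-median point concrete, here is an added example (not code from Rapid7 or from this article) that computes TTKE statistics the way the report's headline numbers are built: days from public disclosure to first known exploitation, the median and mean, and the share exploited within a one-day and a seven-day window. The vulnerability records are constructed placeholders, not data from the report; one record is exploited before disclosure (a zero-day, negative TTKE) and one is a slow outlier, which is enough to show how the mean moves while the median barely does.

```python
from datetime import date
from statistics import mean, median

# Constructed sample records: (placeholder id, public disclosure date,
# first known exploitation date). Illustrative values only.
SAMPLE_VULNS = [
    ("VULN-A", date(2022, 1, 10), date(2022, 1, 7)),    # exploited before disclosure: zero-day, TTKE -3
    ("VULN-B", date(2022, 2, 1), date(2022, 2, 2)),     # 1 day
    ("VULN-C", date(2022, 3, 15), date(2022, 3, 16)),   # 1 day
    ("VULN-D", date(2022, 4, 5), date(2022, 4, 9)),     # 4 days
    ("VULN-E", date(2022, 5, 20), date(2022, 5, 26)),   # 6 days
    ("VULN-F", date(2022, 6, 1), date(2022, 6, 15)),    # 14 days
    ("VULN-G", date(2022, 7, 1), date(2022, 10, 29)),   # 120 days: the outlier that drags the mean up
]


def time_to_known_exploitation(disclosed, exploited):
    """TTKE in days. Zero or negative means exploitation was already under way
    at or before public disclosure, i.e. the vulnerability was a zero-day."""
    return (exploited - disclosed).days


def ttke_days(records):
    return [time_to_known_exploitation(d, e) for _, d, e in records]


def ttke_summary(records, window_days=7):
    """Summarise a set of records with the same kinds of figures the report quotes:
    mean and median TTKE, and the share exploited within one day / within the window."""
    ttkes = ttke_days(records)
    n = len(ttkes)
    return {
        "count": n,
        "mean_days": mean(ttkes),
        "median_days": median(ttkes),
        "pct_zero_day": 100 * sum(1 for t in ttkes if t <= 0) / n,
        "pct_within_one_day": 100 * sum(1 for t in ttkes if t <= 1) / n,
        "pct_within_window": 100 * sum(1 for t in ttkes if t <= window_days) / n,
    }


def drop_slowest(records):
    """Remove the single slowest-exploited record, to show outlier sensitivity."""
    slowest = max(records, key=lambda r: time_to_known_exploitation(r[1], r[2]))
    return [r for r in records if r is not slowest]


if __name__ == "__main__":
    full = ttke_summary(SAMPLE_VULNS)
    trimmed = ttke_summary(drop_slowest(SAMPLE_VULNS))
    for label, s in (("all records", full), ("outlier removed", trimmed)):
        print(f"{label}: mean={s['mean_days']:.1f}d median={s['median_days']:.1f}d "
              f"zero-day={s['pct_zero_day']:.0f}% <=1d={s['pct_within_one_day']:.0f}% "
              f"<=7d={s['pct_within_window']:.0f}%")
```

With the constructed data the mean drops from about 20.4 days to about 3.8 days when the single slow record is removed, while the median only moves from 4 to 2.5 days; the within-one-day and within-seven-day percentages are the ones worth tracking over time, because they are what decide whether your patch cycle is faster than the attackers.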
What does this mean for organizations?
First, let’s define the key concepts.
A vulnerability refers to a particular weakness in a system component such as hardware, software, or process.
On the other hand, an exploit (as the term is used in cybersecurity) refers to the method, toolset, or technique a hacker develops to take advantage of a vulnerability in order to corrupt, compromise, or breach a system. An exploit can be a piece of software, a process, or a sequence of commands.
Back to the report. Rapid7’s study yielded many significant findings, and not all were negative. For example, widespread exploitation of new vulnerabilities decreased in 2022 compared to the previous year. While it remains a severe threat, zero-day exploitation is also down, from 52% in 2021 to 43% in 2022.
While those trends appear promising, there’s more to the picture than meets the eye. One major concern raised by the study is the shrinking time window within which organizations can respond to lightning-fast exploits.
Here are the key takeaways:
- Threat actors waste no time exploiting vulnerabilities as soon as they are discovered.
- Organizations can do no less when it comes to remediating those vulnerabilities. Your company should implement emergency patching and incident response procedures that prioritize widely exploited CVEs (common vulnerabilities and exposures).
- Operating system updates and patches should always be kept current without exception or delay. For critical systems, a zero-day patch cycle should be the default protocol.
- Your IT team or managed security provider should establish more effective controls and countermeasures that help prevent the exploitation of as many vulnerabilities as possible. Limiting the internet exposure of crucial applications and administrative interfaces can help reduce your attack surface.
- Regular technology audits, risk assessments, and external penetration tests will proactively help your organization detect, identify, and remediate vulnerabilities.
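The takeaways above amount to a triage rule: patch what is already being exploited first, fastest where it is reachable from the internet, and never let anything sit. The following added example (not code from Rapid7 or from this article) turns that rule into a sortable patch queue over a constructed set of findings. The CVE identifiers, asset names, and scores are placeholders; the `exploited_in_wild` flag is assumed to come from whatever known-exploited-vulnerability feed your team already subscribes to. The deadlines are an assumption too, chosen to match the report's own numbers: one day for exploited vulnerabilities on exposed systems (the median TTKE the report found) and seven days otherwise (the window within which 56% of the studied vulnerabilities were exploited).

```python
from dataclasses import dataclass

# Assumed remediation deadlines in days, derived from the report's figures
# (median TTKE of one day; 56% exploited within seven days). Tune to your own policy.
SLA_EMERGENCY = 1     # known-exploited AND internet-exposed
SLA_EXPLOITED = 7     # known-exploited, internal only
SLA_CRITICAL = 14     # not yet known-exploited but CVSS >= 9
SLA_DEFAULT = 30      # everything else


@dataclass(frozen=True)
class Finding:
    cve: str                # placeholder identifier
    asset: str              # placeholder host name
    cvss: float             # base score 0.0-10.0
    exploited_in_wild: bool # assumed to be populated from your threat-intel / KEV-style feed
    internet_exposed: bool  # from your asset inventory / external scan
    days_open: int          # days since the finding was first recorded


def sla_days(f: Finding) -> int:
    """Deadline for the finding, in days from when it was recorded."""
    if f.exploited_in_wild and f.internet_exposed:
        return SLA_EMERGENCY
    if f.exploited_in_wild:
        return SLA_EXPLOITED
    if f.cvss >= 9.0:
        return SLA_CRITICAL
    return SLA_DEFAULT


def is_overdue(f: Finding) -> bool:
    return f.days_open > sla_days(f)


def priority_key(f: Finding):
    """Sort key: exploited-in-the-wild first, then exposure, then overdue, then CVSS.
    Python sorts ascending, so booleans are negated to put True first."""
    return (not f.exploited_in_wild, not f.internet_exposed, not is_overdue(f), -f.cvss)


def triage(findings):
    """Return the patch queue in the order the team should work it."""
    return sorted(findings, key=priority_key)


# Constructed sample findings (placeholders, not real CVEs or hosts).
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "intranet-wiki", 9.8, False, False, 3),
    Finding("CVE-0000-0002", "vpn-gateway", 7.5, True, True, 2),    # exploited + exposed, already overdue
    Finding("CVE-0000-0003", "build-server", 8.1, True, False, 1),
    Finding("CVE-0000-0004", "public-web", 6.5, False, True, 40),   # low score but long overdue
    Finding("CVE-0000-0005", "hr-laptop", 5.3, False, False, 2),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_FINDINGS):
        status = "OVERDUE" if is_overdue(f) else f"due in {sla_days(f) - f.days_open}d"
        print(f"{f.cve} {f.asset:<14} cvss={f.cvss:<4} exploited={f.exploited_in_wild!s:<5} "
              f"exposed={f.internet_exposed!s:<5} {status}")
```

The point of the ordering is that a CVSS 7.5 flaw that is being exploited on an internet-facing gateway outranks a CVSS 9.8 flaw nobody has weaponised yet; exploitation status and exposure, not the base score alone, decide what gets the emergency patch cycle.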
Many advanced cybersecurity platforms and managed security providers can help you detect, analyze, and address vulnerabilities in your critical assets.
Call one as soon as you can.
Remember, companies might choose to dilly-dally on security. But threat actors certainly won’t.