Moreover, ransomware groups have leveraged 64% of the 33 widely abused flaws — which include bugs impacting Apache Log4j, Microsoft Exchange, Microsoft Windows, Kaseya, SolarWinds, SAP, SonicWall, VMware, Accession, Zyxel, GitLan, F5, QNAP, Pulse Connect, Forgerock, Zoho, Apache HTTP Server, Atlassian, and Zoho. The report also noted that many of the listed vulnerabilities have been exploited amid the height of remote working during the COVID-19 pandemic.
Vulnerability Management, Security Strategy, Plan, Budget, Breach, Risk Assessments/Management
Vulnerability exploitation accelerates
Threat actors only spent an average of 12 days exploiting software vulnerabilities in 2021, compared with 42 days in 2020, with the 71% decline in time to known exploitation attributed to the significant increase in zero-day attacks, ZDNet reports.
Widespread vulnerabilities totaled 33 last year, with 10 being actively exploited, while seven more are at risk due to an available exploit, a report from Rapid7 showed. Researchers also found that zero-day exploits triggered 52% of widespread threats, while 85% of exploits have been found to threaten many organizations.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds