Vulnerability exploitation accelerates

The average time to known exploitation of software vulnerabilities fell to 12 days in 2021 from 42 days in 2020, a 71% decline attributed to the significant increase in zero-day attacks, ZDNet reports. Widespread vulnerabilities totaled 33 last year, with 10 being actively exploited, while seven more are at risk due to an available exploit, a report from Rapid7 showed. Researchers also found that zero-day exploits triggered 52% of widespread threats, while 85% of exploits have been found to threaten many organizations.

Moreover, ransomware groups have leveraged 64% of the 33 widely abused flaws, which include bugs impacting Apache Log4j, Microsoft Exchange, Microsoft Windows, Kaseya, SolarWinds, SAP, SonicWall, VMware, Accellion, Zyxel, GitLab, F5, QNAP, Pulse Connect, ForgeRock, Zoho, Apache HTTP Server, and Atlassian. The report also noted that many of the listed vulnerabilities were exploited at the height of remote working during the COVID-19 pandemic.
