Last year saw more mass compromise events arising from zero-day vulnerabilities (53 percent) than from older vulnerabilities for the first time since 2021.
The latest Attack Intelligence Report from Rapid7 also shows mass compromise events stemming from exploitation of network edge devices have almost doubled since the start of 2023, with 36 percent of widely exploited vulnerabilities occurring in network perimeter technologies. More than 60 percent of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.
“We’ve seen that attackers are very very good at internet exposure reconnaissance and so I think it’s fair to say at this point that if it’s on the internet attackers are going to find it,” says Caitlin Condon, director of vulnerability intelligence at Rapid7. “What we see in some of these skilled adversary attacks, the transfer attack was actually a good example of this, is that that recon plays out over the course of years sometimes before you know the zero-day is deployed and does noticeable damage.”
Another interesting finding is that 41 percent of incidents Rapid7 MDR observed in 2023 were the result of missing or unenforced multi-factor authentication (MFA) on internet-facing systems, particularly VPNs and virtual desktop infrastructure. Network edge devices are also at particular risk of exploitation.
“These are critical systems, most organizations cannot easily get rid of them,” says Condon. “If you’re an organization operating with a global employee and customer base you can’t necessarily take your VPN offline because of weakness. A lot of these things have proprietary operating systems, you can’t necessarily put EDR agents on them. And so I think you have a nice convergence of factors that make them both appealing and very in a very effective attack surface or adversaries.”
The full report is available from the Rapid7 site.
Image credit: Profit_Image / Shutterstock
