Security News > 2024 > May > Cybercriminals are getting faster at exploiting vulnerabilities

Cybercriminals are getting faster at exploiting vulnerabilities
2024-05-10 05:00

Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet.

Attacks started on average 4.76 days after new exploits were publicly disclosed: Like the 1H 2023 Global Threat Landscape Report, FortiGuard Labs sought to determine how long it takes for a vulnerability to move from initial release to exploitation, whether vulnerabilities with a high Exploit Prediction Scoring System score get exploited faster, and whether it could predict the average time-to-exploitation using EPSS data.

FortiGuard Labs also continues to observe threat actors exploiting vulnerabilities that are more than 15 years old, reinforcing the need to remain vigilant about security hygiene and a continued prompt for organizations to act quickly through a consistent patching and updating program, employing best practices and guidance from organizations such as the Network Resilience Coalition to improve the overall security of networks.

Less than 9% of all known endpoint vulnerabilities were targeted by attacks: In 2022, FortiGuard Labs introduced the concept of the "Red zone," which helps readers better understand how likely it is that threat actors will exploit specific vulnerabilities.

221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels.

"The 2H 2023 Global Threat Landscape Report from FortiGuard Labs continues to shine a light on how quickly threat actors are taking advantage of newly disclosed vulnerabilities. In this climate, both vendors and customers have a role to play. Vendors must introduce robust security scrutiny at all stages of the product development life cycle and dedicate themselves to responsible radical transparency in their vulnerability disclosures. With over 26,447 vulnerabilities across more than 2,000 vendors in 2023 as cited by NIST, it is also critical that customers maintain a strict patching regimen to reduce the risk of exploitation," said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, FortiGuard Labs.


News URL

https://www.helpnetsecurity.com/2024/05/10/new-vulnerabilities-number-growth/