Rapid7, Inc., a Boston-based cybersecurity company, has released its latest Vulnerability Intelligence Report, finding that attackers are developing and deploying exploits faster than ever; 56% of the vulnerabilities in this report were exploited within seven days of public disclosure — a 12% rise over 2021 and an 87% rise over 2020. In 2022, the median time to exploitation was just one day.
The report also notes a 33% decrease between 2021 and 2022 in the number of vulnerabilities that were exploited to carry out ransomware attacks. This decrease may indicate that ransomware operations have become less reliant on new vulnerabilities, but it may also be caused by other factors, including lower reporting of ransomware incidents, according to company analysts.
Analysis of security vulnerability trends shows an 87% increase in first-week exploitation since 2020.
“The ransomware ecosystem and the cybercrime economy have continued to mature and evolve,” said Caitlin Condon, Rapid7 vulnerability research manager and lead author. “We saw many more ransomware families actively compromising organizations in 2022, which naturally creates challenges for threat tracking and reporting.”
Security, IT, and other teams tasked with vulnerability management and risk reduction operate in high-urgency, high-stakes environments where informed decision-making hinges on the ability to quickly separate signal from noise. When a new potential threat emerges, information security professionals often find themselves needing to translate vague descriptions and untested research artifacts into actionable intelligence for their own particular risk models.
Examining 50 of the most notable security vulnerabilities and high impact cyberattacks in 2022, the report highlights exploitation trends, explores attacker use cases, and offers a framework for understanding new security threats as they arise.
Channel Impact®
Rapid7 produces the annual Vulnerability Intelligence Report to help organizations understand attack trends and proactively address both the unique and shared threats they face.