Over 60% of vulnerabilities discovered in network and security appliances in 2023 were exploited as zero days, according to a new Rapid7 report.
This follows a broader trend of attackers being adept at exploiting vulnerabilities before a patch has been released. The researchers found that more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023 (53% vs 47%).
Last year’s numbers represent a return to 2021 levels of widespread zero-day exploitation (52%), following a slight respite (43%) in 2022.
Caitlin Condon, Director of Vulnerability Intelligence at Rapid7, commented: “Our data shows 2021 to have been the dividing line between a ‘then’ and a ‘now’ in zero-day attacks. Since that time, the median number of days between vulnerability disclosure and exploitation, which we began tracking several years ago, has stayed in single digits across the CVEs in our annual datasets; widespread exploitation of major vulnerabilities has shifted from a notable event to a baseline expectation.”
No tags.
