reports that most advanced persistent threat groups have been exploiting already known security flaws, in cyberattacks.
Only eight of 86 APTs namely APT17, DarkHydrus, DragonFly, Elderwood, Equation, FIN8, Rancor, and Stealth Falcon engaged in exploiting zero-day vulnerabilities
in hacking campaigns conducted from 2008 to 2020, a study by University of Trento security researchers found.
The findings should prompt organizations to immediately remediate known vulnerabilities, with the study showing that enterprises have been spending over 200 days to ensure timely software patch implementation across 90% of their machines.
While rapid patch applications could reduce the likelihood of being compromised, researchers noted that organizations adopting immediate patching still had a 14% to 33% compromise risk. Moreover, APT attacks continue to be unpredictable.
"Unfortunately, a company cannot fully decide in advance the configuration they will have when hit (or most frequently not hit) by an attacker as it depends on the attackers choice," wrote researchers.