Moreover, ransomware groups have leveraged 64% of the 33 widely abused flaws — which include bugs impacting Apache Log4j, Microsoft Exchange, Microsoft Windows, Kaseya, SolarWinds, SAP, SonicWall, VMware, Accession, Zyxel, GitLan, F5, QNAP, Pulse Connect, Forgerock, Zoho, Apache HTTP Server, Atlassian, and Zoho. The report also noted that many of the listed vulnerabilities have been exploited amid the height of remote working during the COVID-19 pandemic.
Threat actors only spent an average of 12 days exploiting software vulnerabilities in 2021, compared with 42 days in 2020, with the 71% decline in time to known exploitation attributed to the significant increase in zero-day attacks, ZDNet reports. Widespread vulnerabilities totaled 33 last year, with 10 being actively exploited, while seven more are at risk due to an available exploit, a report from Rapid7 showed. Researchers also found that zero-day exploits triggered 52% of widespread threats, while 85% of exploits have been found to threaten many organizations.