Threat Management, Vulnerability Management

Time to known flaw exploitation shortening

Fifty-six percent of reported security vulnerabilities in 2022 were exploited within a week of disclosure, which is 12% higher than in 2021 and 87% higher than in 2020, SecurityWeek reports. This shortening of time-to-exploit comes amid a 15% decline in widespread vulnerability exploitation and a 52% reduction in zero-day attacks between 2020 and 2022, according to Rapid7's 2022 Vulnerability Intelligence Report. Security flaws leveraged in ransomware attacks also dropped by 33% during the same period, even though more ransomware families have been emerging. "A large number of vulnerabilities are being exploited before security teams have any time to implement patches or other mitigations," said Rapid7 Senior Manager of Security Research Caitlin Condon, who added that the hype from Log4Shell has led security teams to misdirect resources toward remediating the minor Spring4Shell and Text4Shell vulnerabilities that followed. Further diversification of the ransomware ecosystem has also limited industry visibility into the CVEs used in ransomware attacks, Condon added.
