90+ 0-Days, 40+ N-Days Exploited In The Wild


Attackers exploit security vulnerabilities in the wild primarily to gain unauthorized access to systems, steal sensitive data, and disrupt services.

These vulnerabilities often arise from software bugs, misconfigurations, and outdated systems that have not been patched.


Cybersecurity researchers at Mandiant recently found that more than 90 zero-days and more than 40 n-days were exploited in the wild.

Vulnerabilities Exploited

A comprehensive vulnerability analysis by Mandiant for 2023 uncovered 138 security vulnerabilities that were actively exploited.

The distribution was notable: 97 zero-day vulnerabilities and 41 n-day vulnerabilities (those exploited only after a patch had been released).


The most striking finding was the dramatic reduction in Time-to-Exploit (TTE), which dropped to an average of just five days in 2023, compared to 32 days in 2021-2022, 44 days in 2020-2021, and 63 days in 2018-2019.

The ratio of n-day to zero-day exploits shifted significantly to 30:70 in 2023, from a previously consistent ratio of roughly 38:62. This illustrates a marked increase in zero-day exploitation activity.

For n-day vulnerabilities specifically, the exploitation timeline showed concerning trends:

  • 12% (5 vulnerabilities) were exploited within 24 hours of patch release.
  • 29% (12 vulnerabilities) were exploited within a week.
  • 56% were exploited within the first month.
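The TTE metric, the n-day versus zero-day split and the patch-to-exploitation windows described above can all be derived from three dates per vulnerability. The following is an added illustration, not code from the Mandiant report; the record layout, the rule that a zero-day contributes its (zero or negative) TTE to the average, and the sample dates and names are all assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class VulnRecord:
    name: str                  # constructed label, not a real CVE id
    disclosed: date            # public disclosure date
    patched: Optional[date]    # patch release date, None if no fix existed when exploited
    first_exploited: date      # first observed in-the-wild exploitation


def is_n_day(v: VulnRecord) -> bool:
    """n-day as the article defines it: first exploited only after a patch was released."""
    return v.patched is not None and v.first_exploited > v.patched


def time_to_exploit(v: VulnRecord) -> int:
    """TTE in days from disclosure to first exploitation; negative means exploited before disclosure."""
    return (v.first_exploited - v.disclosed).days


def exploit_ratio(records: List[VulnRecord]) -> Tuple[int, int]:
    """(n-day count, zero-day count): the split the article reports as 30:70 for 2023."""
    n = sum(1 for v in records if is_n_day(v))
    return n, len(records) - n


def n_day_windows(records: List[VulnRecord]) -> Dict[str, float]:
    """Percentage of n-days first exploited within 1, 7 and 30 days of patch release."""
    n_days = [v for v in records if is_n_day(v)]
    if not n_days:
        return {}
    windows = {"24h": 1, "week": 7, "month": 30}
    return {
        label: round(100.0 * sum(1 for v in n_days
                                 if (v.first_exploited - v.patched).days <= limit) / len(n_days), 1)
        for label, limit in windows.items()
    }


def average_tte(records: List[VulnRecord]) -> float:
    """Mean TTE over all records (assumption: zero-days are included with their <= 0 TTE)."""
    return round(sum(time_to_exploit(v) for v in records) / len(records), 1)


# Constructed sample set; names and dates are invented for illustration only.
SAMPLE = [
    VulnRecord("EX-1", date(2023, 1, 10), date(2023, 1, 10), date(2023, 1, 11)),  # n-day, 1 day after patch
    VulnRecord("EX-2", date(2023, 2, 1), date(2023, 2, 1), date(2023, 2, 5)),      # n-day, 4 days after patch
    VulnRecord("EX-3", date(2023, 3, 1), date(2023, 3, 3), date(2023, 3, 25)),     # n-day, 22 days after patch
    VulnRecord("EX-4", date(2023, 4, 1), date(2023, 4, 1), date(2023, 7, 15)),     # n-day, 105 days after patch
    VulnRecord("EX-5", date(2023, 5, 20), date(2023, 5, 25), date(2023, 5, 18)),   # zero-day, hit before disclosure
    VulnRecord("EX-6", date(2023, 6, 1), None, date(2023, 6, 3)),                  # zero-day, no patch existed
]
```

Running the helpers over SAMPLE gives a 4:2 n-day to zero-day split, 25% / 50% / 75% of n-days exploited within a day, a week and a month of the patch, and a mean TTE of 22.3 days.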

A notable case study was CVE-2023-28121, a vulnerability in the WooCommerce Payments plugin. It demonstrated how exploit availability drives attack timing: the flaw went unexploited for three months after disclosure.

CVE-2023-28121 Timeline (Source – Mandiant)

It then saw massive exploitation (1.3 million attacks per day) within just three days of a weaponized exploit's release.

This scenario highlights the increasingly rapid nature of modern cyber threats and the critical importance of prompt security patching.

CVE-2023-27997, commonly known as "XORtigate," is a critical heap-based buffer overflow vulnerability discovered in the SSL VPN component of Fortinet's FortiOS operating system.

CVE-2023-27997 Timeline (Source – Mandiant)

The vulnerability was disclosed on June 11, 2023, and given its potential severity it drew immediate attention.

Although proof-of-concept code, vulnerability scanners, and weaponized exploits were publicly available by June 16, actual exploitation attempts were not detected until September 12, 2023. This delay can be attributed to several technical challenges.

The vulnerability requires attackers to bypass multiple security protections, including DEP and ASLR, while also navigating FortiOS's custom hashing and XOR encryption mechanisms.

The difficulty of exploitation is further compounded by the fact that FortiOS is typically deployed in highly sensitive network environments with significant system privileges.

Unlike simpler vulnerabilities that might only require modifying HTTP headers, XORtigate demands sophisticated exploitation techniques to manipulate the heap without triggering security protections, the Mandiant report notes.

This makes it particularly challenging for threat actors, despite its potential for high-impact system compromise if successfully exploited.
