While there was a reduction in the widespread exploitation of new vulnerabilities in 2022, the risk remains significant as broad and opportunistic attacks continue to pose a threat, according to Rapid7.
Deploying exploits
Attackers are developing and deploying exploits faster than ever. 56% of the vulnerabilities were exploited within seven days of public disclosure — a 12% rise over 2021 and an 87% rise over 2020. In 2022, the median time to exploitation was just one day.
“Rapid7’s team of vulnerability researchers works around the clock to thoroughly investigate and provide critical context into emergent threats,” said Caitlin Condon, Rapid7 vulnerability research manager and lead Vulnerability Intelligence Report author.
Exploitation of vulnerabilities in ransomware attacks drops
The report also notes a 33% decrease between 2021 and 2022 in the number of vulnerabilities exploited to carry out ransomware attacks. According to Condon, this decrease may indicate that ransomware operations have become less reliant on new vulnerabilities, but it may also be caused by other factors, including lower reporting of ransomware incidents.
“The ransomware ecosystem and the cybercrime economy have continued to mature and evolve,” said Condon. “We saw many more ransomware families actively compromising organizations in 2022, which naturally creates challenges for threat tracking and reporting.”
Security, IT, and other teams tasked with vulnerability management and risk reduction operate in high-urgency, high-stakes environments where informed decision-making hinges on the ability to separate signal from noise quickly.
When a new potential threat emerges, information security professionals often find themselves needing to translate vague descriptions and untested research artifacts into actionable intelligence for their own particular risk models.