According to research by Qualys, one-third of the high-risk vulnerabilities impact network devices and web applications that are traditionally difficult to safeguard through conventional means.
The number of disclosed vulnerabilities keeps growing, and attackers are adopting increasingly inventive strategies to exploit them, with network devices and web applications bearing much of the impact.
Analysing over 206 high-risk vulnerabilities that affected businesses in 2023, the Qualys Threat Research Unit (TRU) identified common trends in the most heavily exploited attack vectors. It also set out strategies for fortifying defences against them.
Seeing through the critical cyber vulnerabilities that were popular in 2023
Saeed Abbasi, Product Manager, Threat Research Unit, Qualys, while throwing some light on emerging cyber threats commented, “While this is alarming and continues the years-long trajectory of more vulnerabilities being found than the year before, it is important to note that not all vulnerabilities present a high risk; in fact, a small subset (less than 1%) contributes the highest risk. These particularly critical vulnerabilities are ones that have a weaponised exploit, are actively exploited by ransomware, threat actors, and malware, or have confirmed evidence of exploitation in the wild.”
Exploit availability for critical cyber threats
The mean time to exploit vulnerabilities in 2023 stands at 44 days (about one-and-a-half months). However, this average masks the urgency of the situation: in numerous instances, working exploits were available on the very day the vulnerability was published. This immediate action represents a shift in the modus operandi of attackers, highlighting their growing efficiency and the ever-decreasing window for response by defenders.
Availability of high-risk vulnerabilities in network infrastructures and web applications
A substantial 32.5% of the 206 identified vulnerabilities reside within the networking infrastructure or web application domains. These vulnerabilities have traditionally been difficult to safeguard through conventional means.
Exploitation by malicious actors & ransomware groups
Of the 206 high-risk vulnerabilities Qualys tracked, more than 50 per cent were leveraged by threat actors, ransomware, or malware to compromise systems. Specifically, 115 of them were exploited by named threat actors; 20 were exploited by ransomware; and 15 were exploited by malware and botnets.
For instance, in 2023 the cyber landscape was shaken by TA505, also known as the CL0P Ransomware Gang. This group masterminded high-profile cyberattacks by exploiting zero-day vulnerabilities in key platforms such as GoAnywhere MFT, PaperCut, MOVEit, and SysAid.
Use of ransomware-as-a-service model for conducting extensive attacks
In 2023, LockBit and Clop were immensely popular in the ransomware arena. LockBit utilised its advanced ransomware-as-a-service model to target a range of organisations, including in the IT and finance sectors. Clop, known for exploiting vulnerabilities, conducted extensive attacks on large enterprises, notably in the finance, IT, and healthcare sectors.
What is the most proactive approach to prevent high-risk vulnerabilities?
Emphasising relevant defence mechanisms against malicious activities, Abbasi said, “It is evident that the rapid pace of vulnerability weaponisation and the diversity of threat actors pose significant challenges for organisations globally. To accurately assess the genuine risk presented by open vulnerabilities within their organisation, it’s essential that businesses employ a comprehensive set of sensors, ranging from agent to network scanners to external scanners.
“In addition, it is imperative to thoroughly inventory all public-facing applications and remote services to ensure they are not vulnerable to high-risk vulnerabilities. And finally, I’d advise organisations to employ a multifaceted approach to the prioritisation of vulnerabilities — focus on those known to be exploited in the wild (start with the CISA KEV), those with a high likelihood of exploitation (indicated by a high EPSS score), and those with weaponised exploit code available,” added Abbasi.
“These recommendations will help reinforce the critical need for a robust, proactive approach to vulnerability and risk management, especially in an increasingly sophisticated and pervasive era of cyber threats,” Abbasi concluded.
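The prioritisation Abbasi describes (CISA KEV first, then high EPSS, then weaponised exploit code) can be expressed as a simple triage rule. The following is an added illustration, not code from Qualys or from the article: the vulnerability records, asset names and IDs are constructed placeholders, the 0.5 EPSS cut-off is an assumed threshold, and the tie-breaking on public-facing exposure and CVSS is a design choice not stated in the text.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vuln:
    """One open finding. All fields are constructed sample data."""
    vuln_id: str          # placeholder identifier, not a real CVE number
    asset: str            # hypothetical asset the finding was reported on
    cvss: float           # base severity score
    epss: float           # EPSS probability of exploitation in the next 30 days (0..1)
    in_kev: bool          # listed in CISA KEV, i.e. known exploited in the wild
    weaponized: bool      # working exploit code is publicly available
    public_facing: bool   # reachable from the internet


# Assumed cut-off for "high likelihood of exploitation"; tune to your risk appetite.
EPSS_THRESHOLD = 0.5


def tier(v: Vuln) -> int:
    """Lower number = fix first. Follows the article's ordering:
    KEV, then high EPSS, then weaponised exploit available, then everything else."""
    if v.in_kev:
        return 1
    if v.epss >= EPSS_THRESHOLD:
        return 2
    if v.weaponized:
        return 3
    return 4


def prioritise(vulns):
    """Order findings for remediation: by tier, then internet-exposed assets
    first, then EPSS and CVSS descending as tie-breakers."""
    return sorted(vulns, key=lambda v: (tier(v), not v.public_facing, -v.epss, -v.cvss))


def by_cvss_only(vulns):
    """Naive severity-only ordering, shown for contrast."""
    return [v.vuln_id for v in sorted(vulns, key=lambda v: -v.cvss)]


# Constructed sample findings (not real vulnerabilities).
SAMPLE = [
    Vuln("VULN-A", "build-server", 9.8, 0.04, in_kev=False, weaponized=False, public_facing=False),
    Vuln("VULN-B", "vpn-gateway", 7.5, 0.92, in_kev=True,  weaponized=True,  public_facing=True),
    Vuln("VULN-C", "customer-portal", 8.1, 0.71, in_kev=False, weaponized=False, public_facing=True),
    Vuln("VULN-D", "hr-app", 6.5, 0.12, in_kev=False, weaponized=True,  public_facing=False),
    Vuln("VULN-E", "file-transfer", 8.8, 0.30, in_kev=True,  weaponized=False, public_facing=False),
    Vuln("VULN-F", "ci-runner", 9.1, 0.55, in_kev=False, weaponized=True,  public_facing=False),
]


def remediation_order(vulns=SAMPLE):
    """IDs in the order a defender should work through them."""
    return [v.vuln_id for v in prioritise(vulns)]


def tier_counts(vulns=SAMPLE):
    """How many findings fall into each tier; useful for reporting the
    small high-risk subset the article highlights."""
    counts = {1: 0, 2: 0, 3: 0, 4: 0}
    for v in vulns:
        counts[tier(v)] += 1
    return counts


if __name__ == "__main__":
    print("Risk-based order :", remediation_order())
    print("CVSS-only order  :", by_cvss_only(SAMPLE))
    print("Tier counts      :", tier_counts())
```

On the sample data the CVSS-only view would send the team to VULN-A (9.8, but no evidence of exploitation) first, while the risk-based order starts with the two KEV entries and pushes VULN-A to the end, which is the point of the small high-risk subset the report describes.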
Wrapping it up, malicious actors will keep using ransomware, malware and botnet attacks to get at customer data, so a holistic defensive approach is essential. That is only possible if businesses prioritise these high-risk vulnerabilities and take proactive measures against them.