What We Know About Vulnerability Exploitation in 2024 (So Far)

Originally published by Dazz.

Written by Noah Simon, Head of Product Marketing, Dazz.

In the world of security vulnerabilities, change is the only constant. There are always new CVEs, new exploits, and new threat actors. A recent study estimates that there will be a 25% increase in vulnerabilities, or roughly 2,900 per month in 2024.

With so many vulnerabilities, how can security teams find the right signal in the noise to focus on what really matters?

One great way to do so is to understand which vulnerabilities are actually being exploited, how they’re being exploited, and how quickly. Data breaches provide a great data set for this analysis, and Verizon happens to have a great data set.

In other words, if you’re looking to understand vulnerability exploitation, read the latest Verizon Data Breach Investigation Report (DBIR). This year’s report analyzed more than 10,000 breaches to understand trends in attack vectors and more. If you’re short on time, you’re in luck! We sifted through this year’s vulnerability exploitation trends so you don’t have to.

1. There’s been a rise in exploits

The report uncovers a disturbing trend: a nearly threefold increase (180%) in breaches where attackers exploited vulnerabilities to gain initial access to systems. This aligns with the growing prevalence of zero-day attacks targeting unpatched software, which is a tactic heavily employed by ransomware actors. It’s also important to note that the most common vector for vulnerability exploitation are web applications. This is why ASPM solutions are all the rage these days.

2. Remediation is still (often) too slow

Verizon researchers looked at the time window between when a vulnerability is added to CISA’s Known Exploited Vulnerability Catalog and when organizations had remediated them. As the figure below shows, a majority of vulnerabilities that have been exploited are still unresolved after 60 days of being added to CISA KEV. Verizon researchers sum this up simply: “sadly, [remediation] does not seem to keep pace with the growing speed of threat actor scanning and exploitation of vulnerabilities.”

3. Web applications remain the most targeted asset

As in previous Data Breach Investigation Reports, web applications remain a highly targeted asset involved in breaches, accounting for nearly 50% of incidents in this year’s study. When we look further at how web applications are attacked, the use of stolen credentials for credential stuffing attacks is most common by far. However, exploitation of vulnerabilities was the third most common attack vector on web applications, further emphasizing the need for timely remediation.

‍

Why these trends matter

‍The 2024 Verizon DBIR continues to be an important tool that gives security teams macro trends to consider when strategizing where they put their resources. This year’s study showed that prioritizing vulnerability management — and specifically, faster remediation — remains imperative. Read the full 2024 Verizon Data Breach Investigation Report here: https://www.verizon.com/business/resources/reports/dbir/