The number of software vulnerabilities – a key attack vector for cyber threat actors – continues to rise and is expected to jump by 25% to nearly 35,000 or 2,900 per month in 2024, according to a recent Coalition report.
“With an influx of new vulnerabilities, often sprouting via disparate flagging systems, the cyber risk ecosystem is hard to track. Most organizations are experiencing alert fatigue and confusion about what to patch first to limit their overall exposure and risk,” said Tiago Henriques, Coalition’s Head of Research, in a statement. “In today’s cybersecurity climate, organizations can’t be expected to manage all of the vulnerabilities on their own; they need someone to manage these security concerns and help them prioritize remediation.”
Cyber threat actors frequently use common vulnerabilities and exposures (CVEs) to infiltrate systems – in fact, exploiting them is one of the top three attack vectors for ransomware actors, along with phishing emails and exploitation of open Remote Desktop Protocol (RDP) ports, according to global law enforcement officials.
In 2023, Coalition predicted an increase in CVEs up to 1,900 per month, an estimate that ultimately came in below the actual monthly average of 2,321 vulnerabilities for the first 10 months of 2023. This illustrates the acceleration in CVEs and “the magnitude of the cybersecurity problem in 2023,” the firm said.
CVEs have risen 500% since 2016, likely driven by the rise of cybercrime as a business model; bug bounty programs that actively hunt for vulnerabilities; and “marketplaces” where threat actors trade tools, credentials, and access to victim systems.
Coalition regularly conducts “honeypot” tests – decoy digital assets used to trick threat actors – that can detect potential vulnerabilities in advance of publication. For example, Progress Software’s MOVEit tool became a headline CVE in 2023, and Coalition reported that honeypot activity spiked 1,000% in the 16 days leading up to MOVEit’s announcement of the security flaw.
As a result of this one CVE, the Cl0p ransomware gang carried out attacks against a significant number of major businesses.
“The speed with which the Cl0p ransomware group exploited the MOVEit vulnerability highlights how, at times, even the most relevant information comes too late. For these reasons, using honeypot data as a source that feeds into automated vulnerability prioritization is an exciting prospect,” said Coalition in its report.
In terms of other risks perhaps looming on the horizon, Coalition’s threat scanning technology revealed about 10,000 businesses running Microsoft SQL Server 2000, a database released in 2001. The firm also reported a 59% increase in scans from unique IPs looking for RDP, one of the more “risky technologies” that can expose companies to ransomware attacks.