"Over 60% of Network Security Appliance Flaws Exploited as Zero Days"

According to security researchers at Rapid7, over 60% of vulnerabilities discovered in network and security appliances in 2023 were exploited as zero days. Their research found that more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023 (53% vs 47%). The researchers noted that last year’s numbers represent a return to 2021 levels of widespread zero-day exploitation (52%), following a slight respite (43%) in 2022. Mass compromise events occur when vulnerabilities are exploited to compromise many organizations across many verticals and geolocations. The researchers noted that there has been a “pronounced shift” in the way many of these mass compromise events are carried out since the start of 2023. Nearly a quarter (23%) of mass compromise events came from common vulnerabilities and exposures (CVEs) from highly orchestrated zero-day attacks, in which often hundreds of organizations were compromised by a single attacker. Prior to 2023, the researchers said the most common attack pattern for widespread compromise events was an initial wave of low-skilled exploit attempts followed by more adept ransomware groups and/or APT exploitation.  

Infosecurity Magazine reports: "Over 60% of Network Security Appliance Flaws Exploited as Zero Days"