"Vulnerabilities Being Exploited Faster Than Ever: Analysis"

Security researchers at Rapid7 discovered that in 2022, the widespread exploitation of new vulnerabilities was down 15% over the previous year, zero-day attacks declined 52% from 2021, and there were 33% fewer vulnerabilities known to have been exploited as part of a ransomware attack.  The researchers noted that, on the surface, it might appear that things were easier for security teams last year.  That would be wrong.  During their study, the researchers also found that the time from vulnerability disclosure to exploitation is decreasing.  A large number of vulnerabilities are being exploited before security teams have any time to implement patches or other mitigations.  To be precise, 56% of the vulnerabilities were exploited within seven days of public disclosure, a 12% increase over 2021 and an 87% increase over 2020.  The researchers noted that resources for triaging and remediating vulnerabilities remain limited, and priorities can be misdirected.  The researchers believe that there are three primary takeaways from their current research.  The first is that widespread threats remain high, even though they are down from 66% in 2021 to 56% in 2022’s dataset.  The second takeaway is the complexity of the ransomware ecosystem and how that affects visibility and statistics.  And the last takeaway is that ransomware groups are leveraging fewer new vulnerabilities than they did in 2021.

SecurityWeek reports: "Vulnerabilities Being Exploited Faster Than Ever: Analysis"