Thursday, 06 June 2024 02:13

Rapid7 attack intelligence report shows edge exploits and compromised credentials major breach sources


In sobering news for CISOs everywhere, cybersecurity company Rapid7 has found that the majority of mass compromise events now come from zero-day exploits, and that increasingly these are hitting devices at the network edge. The same report also finds a staggering number of preventable compromises are still occurring where MFA could, and should, have been in place but was not.

Rapid7 is on a mission to create a safer digital world by making cybersecurity simpler and more accessible, through best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7 protects more than 11,000 global customers. As part of its offerings to the wider public, Rapid7 releases an annual vulnerability intelligence report. The latest edition, the 2024 Attack Intelligence Report, was released late last month. It is based on more than 1,500 curated vulnerability and exploit data points, an analysis of 180+ advanced threat campaigns, and thousands of tracked ransomware events, extortion communications, and dark web posts, as well as insights from the trillions of security events across Rapid7 MDR and threat analytics telemetry.

It's a huge source of worldwide data and thus paints an accurate picture of threat actors globally. Every year Rapid7's report is highly informative about such nefarious activities and the 2024 report is no exception.

Disturbingly, Rapid7 finds that more mass compromise events arose in 2023 from zero-day vulnerabilities than from n-day vulnerabilities: zero-days were the cause of 53% of such events. The standard advice is to ensure your systems are up to date with all security patches, and there is no shortage of stories about breaches caused by unpatched software, with Equifax being a high-profile example. Yet software updates can't protect you from zero-day exploits because, of course, no patch exists for a vulnerability that has only just been discovered and weaponised. Hence one immediate key takeaway from Rapid7's research is that organisations and institutions of all sizes can't rely on definition-based endpoint protection and software updates alone, but need a raft of tools.

[Graph from the Attack Intelligence Report, page 11]

Rapid7 explains this is the second time in the last three years that zero-day vulnerabilities have been the major cause of mass compromise events, and is a return to 2021 levels of widespread exploitation despite a drop in 2022.

Further, the proliferation of IoT and edge devices appears to be creating a security blind spot for many. Rapid7 identified that mass compromise events arising from exploitation at the edge have almost doubled from the start of 2023, and this is where 36% of widely exploited vulnerabilities originated. Over 60% of the vulnerabilities Rapid7 analysed were zero-days, showing the "bad guys" have learned this is a common weak spot.

Rapid7 recommends organisations take an active approach to reducing risk from their edge devices: these can't be "set and forget" appliances, and vulnerabilities must be mitigated as soon as patches or workarounds are available. Further, it is imperative to enable logging on these devices and to verify that it is working as expected. Log data is vital for security operations teams hunting for elusive indicators of compromise and suspicious activity.

“Our data shows 2021 to have been the dividing line between a ‘then’ and a ‘now’ in zero-day attacks,” said Rapid7 director of vulnerability intelligence Caitlin Condon. “Since that time, the median number of days between vulnerability disclosure and exploitation, which we began tracking several years ago, has stayed in single digits across the CVEs in our annual datasets; widespread exploitation of major vulnerabilities has shifted from a notable event to a baseline expectation; and ransomware attacks regularly take entire public-facing systems online, sometimes for weeks or months at a time.”

[Graph from the Attack Intelligence Report, page 13]

Additionally, Rapid7 found that 41% of incidents in 2023 resulted from missing or unenforced multi-factor authentication (MFA) on Internet-facing systems, particularly VPNs and virtual desktop infrastructure. Yes, more than 4 in 10 of these incidents could have been prevented. All expert advice has, for years, advocated MFA as the simplest defence against credential theft, and too many companies are still not listening.

Rapid7 also detected a pronounced shift in the way attacks are playing out. Historically, a wide range of malicious threat actors adopted a scatter-gun approach across many targets. Yet Rapid7 finds that today almost a quarter (23%) of the widespread threat CVEs came from well-planned, highly orchestrated zero-day attacks in which a single adversary compromised dozens to hundreds of organisations at once, often using their own specialised custom tooling.

Interestingly, Rapid7 found the number of unique ransomware families reported across 2023 incidents decreased by over half, from 95 new families in 2022 to 43 in 2023.

Further, while threat actors are still exploiting memory corruption opportunities, Rapid7 found most exploits are now arising from simpler, more easily exploitable root causes, such as improper authentication or command injection.

There's a lot to take in, but the message is clear that cybersecurity is an ongoing process that cannot be ignored, from systems administrators to software developers and every part of the IT team to every part of the business.

We're facing an army of well-funded, well-researched, determined attackers who know what is working and will keep doing it.

“This is a mature, well-organised cybercrime ecosystem at work, with increasingly sophisticated mechanisms to gain access, establish persistence, and evade detection,” Condon said. “The data is telling us that we are experiencing the intensification of a multi-year trend; now more than ever, implementing zero-day patching procedures for critical technologies is key.”

You can read the full Rapid7 2024 Attack Intelligence Report here.


David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.
