Exploited Vulnerabilities Unveiled: A Deep Dive into Patterns and Dynamics

Introduction: Stay Ahead of the Exploit Curve

More than 10,000 vulnerabilities (CVEs) were actively exploited in the wild in 2023 alone, demonstrating the unstoppable speed at which cyber threats develop. One important finding from the EPSS analysis is this: “Most vulnerabilities aren’t immediately exploited when they’re first published, but when they are, the impact can be devastating.” This fact emphasizes how crucial proactive vulnerability management and ongoing monitoring are.

Understanding the patterns and dynamics of vulnerability exploitation is not only a technical requirement but also a strategic necessity as businesses deal with an ever-growing list of threats. The report A Visual Exploration of Exploitation in the Wild offers a data-driven method for predicting which vulnerabilities are likely to be targeted next. This blog aims to give C-suite executives the knowledge they need to prioritize and improve their organization’s cybersecurity defenses by examining these findings in depth.

 

The Rising Tide of Vulnerabilities

The cybersecurity landscape is continuously changing, with new vulnerabilities emerging while old ones continue to be targeted. As of May 31, 2024, nearly a quarter million CVEs (237,687) have been published, with over 30,000 new CVEs added in the past 12 months. This surge poses a considerable challenge for vulnerability management teams who must prioritize remediation efforts while working with limited resources.

However, the report emphasizes that “more vulnerabilities don’t necessarily mean the world is less secure”; rather, the growth reflects changes in how CVEs are disclosed.

 

Key Takeaways for C-Suite Executives:

  • Improve vulnerability management processes to handle increased CVE volume.
  • Invest in advanced tools and resources to quickly prioritize and address new vulnerabilities.

[Figure: History of Published and Exploited CVEs]

Exploited Vulnerabilities: An Overview

Out of the vast number of published CVEs, 13,807 have shown exploitation activity. While only about 6% of disclosed CVEs are actively exploited, those that are can represent significant risks. The research highlights the significance of “tracking and predicting which vulnerabilities are being exploited to effectively manage risk.”

Key Takeaways for C-Suite Executives:

  • Use advanced technologies to identify and predict potential vulnerabilities for exploitation.
  • Regularly update risk management techniques to address newly exploited vulnerabilities.

[Figure: Vulnerabilities with Exploitation Activity]

Fluctuations in Exploitation Activity

The number of vulnerabilities with documented exploitation activity fluctuates monthly, indicating a dynamic threat landscape. In 2023, around 10,000 CVEs were exploited, emphasizing the importance of agile and adaptable vulnerability control solutions. The research stresses that “exploitation is a relatively meaningless label” because it fluctuates with time, target, and volume.

Key Takeaways for C-Suite Executives:

  • Utilize agile and adaptive techniques to address the dynamic threat landscape.
  • Implement continuous monitoring and rapid response methods to prevent exploitation.

[Figure: Unique CVEs with Exploitation Activity]

Patterns of Exploitation Activity

The intensity and duration of exploitation activity can vary significantly:

  • Continuous Exploitation: Some vulnerabilities are repeatedly exploited for extended durations.
  • Sporadic Exploitation: Certain vulnerabilities experience bursts of exploitation activity.
  • Short-Lived Exploitation: Some vulnerabilities are only temporarily exploited.

 

The EPSS report demonstrates several exploitation patterns, emphasizing that “exploited” should not be interpreted as a simple yes or no. When selecting vulnerabilities for prioritization, the intensity and length of exploitation are crucial considerations.
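
One way to treat “exploited” as more than a yes or no, shown as an added example (not code from the EPSS report or from this blog): classify each CVE from its monthly exploitation counts into the patterns listed above, then rank by pattern, duration and intensity. The thresholds, the extra "emerging" label, the review order and the placeholder CVE IDs with their counts are all assumptions made for illustration.

```python
# Added example: thresholds, labels and sample counts are assumptions,
# not values taken from the EPSS report.
CONTINUOUS_SHARE = 0.75  # active in >= 75% of months since first sighting
SHORT_LIVED_SPAN = 2     # all activity falls inside <= 2 consecutive months
MIN_HISTORY = 6          # months of history needed before judging a pattern

# Assumed review order: ongoing activity first, finished bursts last.
ORDER = ["continuous", "emerging", "sporadic", "short-lived", "none"]


def classify(monthly_counts):
    """Return (pattern, active_months, peak) for one CVE's monthly counts."""
    active = [i for i, n in enumerate(monthly_counts) if n > 0]
    if not active:
        return ("none", 0, 0)
    first, last = active[0], active[-1]
    observed = len(monthly_counts) - first  # months since first sighting
    share = len(active) / observed
    if observed < MIN_HISTORY:
        pattern = "emerging"      # too recent to call continuous or sporadic
    elif share >= CONTINUOUS_SHARE:
        pattern = "continuous"
    elif last - first + 1 <= SHORT_LIVED_SPAN:
        pattern = "short-lived"
    else:
        pattern = "sporadic"
    return (pattern, len(active), max(monthly_counts))


def prioritize(observations):
    """Rank CVEs by pattern, then duration (active months), then intensity."""
    rows = [(cve, *classify(counts)) for cve, counts in observations.items()]
    return sorted(rows, key=lambda r: (ORDER.index(r[1]), -r[2], -r[3]))


# Constructed sample: 12 monthly exploitation-event counts per placeholder ID.
SAMPLE = {
    "CVE-EXAMPLE-0001": [40, 55, 38, 61, 47, 52, 44, 39, 58, 50, 41, 46],
    "CVE-EXAMPLE-0002": [0, 900, 0, 0, 0, 310, 275, 0, 0, 0, 120, 0],
    "CVE-EXAMPLE-0003": [0, 0, 15, 8, 0, 0, 0, 0, 0, 0, 0, 0],
    "CVE-EXAMPLE-0004": [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 30],
    "CVE-EXAMPLE-0005": [0] * 12,
}

if __name__ == "__main__":
    for cve, pattern, months, peak in prioritize(SAMPLE):
        print(f"{cve}  {pattern:<11}  active_months={months:<2}  peak={peak}")
```

The "emerging" case covers a CVE whose activity began too late in the window to tell a burst from sustained exploitation, which a plain share-of-months test would mislabel as continuous.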

Key Takeaways for C-Suite Executives:

  • Prioritize vulnerabilities based on exploitation patterns, including intensity and duration.
  • Customize remediation procedures to address each vulnerability’s specific exploitation behaviors.

[Figure: Disparity in Observed Exploitation Activity]

New vs. Old Exploitation

One key insight from the report is that older vulnerabilities are often targeted more frequently than newer ones. About a third of monthly exploitation activity is novel, while the majority involves previously observed vulnerabilities. This dispels the myth that attackers only target fresh vulnerabilities and emphasizes the necessity of long-term vulnerability control measures.

Key Takeaways for C-Suite Executives:

  • Maintain a balance between fixing emerging vulnerabilities and managing those that are still actively exploited.
  • Regularly examine older vulnerabilities to ensure proper management and mitigation.

[Figure: Vulnerabilities with Known Exploitation Activity]

Recency and Duration of Exploitation

The EPSS report provides valuable insights into how long vulnerabilities are exploited:

  • Time to First Exploitation: Around 8% of exploited vulnerabilities were targeted before CVE publication, most likely due to “reserved but public” CVEs. Additionally, 40% of CVEs are exploited within a month after disclosure.
  • Duration of Exploitation: Most exploitation activity occurs within the first year, with only 7% of CVEs being exploited after three years of publication.

 

Key Takeaways for C-Suite Executives:

  • Consider setting remediation SLAs based on time-to-exploitation data rather than just vulnerability severity.
  • Use this data to prioritize vulnerabilities that are likely to be exploited quickly after release.

[Figure: Recency of Exploitation Activity]

Widespread Exploitation Among Organizations

Despite the widespread attention that some vulnerabilities receive, only 5% of exploited CVEs are reported by more than 10% of organizations. This data challenges the belief that exploited vulnerabilities are ubiquitous and highlights the importance of understanding the nature and scope of exploitation.

Key Takeaways for C-Suite Executives:

  • Understand the nature and scope of exploitation to effectively manage and mitigate risks.
  • Tailor security strategies based on your organization’s specific threat landscape.

[Figure: Prevalence of Exploitation Activity]

 

Conclusion: Take Action to Protect Your Organization

In today’s rapidly evolving threat landscape, understanding the patterns and dynamics of exploited vulnerabilities is not just a technical necessity—it’s a strategic imperative. The insights from the EPSS report offer a powerful lens through which organizations can predict and prioritize potential threats before they escalate into critical incidents. By staying informed and proactive, you can significantly reduce your risk exposure and strengthen your organization’s overall security posture.

But knowledge without action is powerless. Now is the time to transform these insights into tangible steps that protect your organization’s digital assets. Leverage the EPSS data to refine your vulnerability management strategies, focus on the threats most likely to impact your business, and ensure your defenses are as dynamic as the threats you face.

Don’t wait until your vulnerabilities are exploited—take action now.

  • Download the full EPSS report for a deeper understanding of exploitation trends and how they can inform your cybersecurity strategy.
  • Engage with industry peers in discussions about best practices and learn from real-world experiences.
  • Implement the report’s recommendations to bolster your organization’s defenses and stay ahead of the exploit curve.

 

By taking these steps, you not only protect your organization but also contribute to a safer digital ecosystem for all. To further bolster your defenses, SiteWALL offers a free web assessment for your website and web applications, providing real-time visibility into your application vulnerabilities. Stay ahead of threat actors—because “one single vulnerability is all an attacker needs.”

Don’t let your guard down in the digital realm. Validate your website’s security posture and risk score against today’s sophisticated cyber-attacks. Take advantage of this opportunity to assess and secure your digital assets with confidence. Get started with your free assessment today.