Last year saw marked increases over past years in the complexity, urgency, and volume of attacks, particularly those involving critical vulnerabilities that have threatened major organizations and the internet at large. This has left organizations little time to defend themselves, security researchers said.
2021’s Critical Vulnerabilities Exploited Quickly and at Scale
Key findings reflected a “136% increase in widespread threats over 2020, due in part to attacker economies of scale, like ransomware and coin mining campaigns,” the report stated. Furthermore, threat intelligence noted a significant rise in zero-day attacks. Cybercriminals also achieved a much faster time to known exploitation (TTKE) in 2021, 71% quicker than in previous years. Of 2021’s widespread threats that hit several industries and organizations, 52% began with a zero-day exploit, which is when a vulnerability is weaponized before developers have the chance to fix it. The widespread Microsoft Exchange ProxyLogon and Log4Shell CVE-2021-44228 vulnerabilities are prime examples of such threats, the report stated.
Other Prevalent Themes
Other themes from 2021 were “an increase in driver-based attacks and injection exploits, as well as ongoing threats to software supply chain integrity,” catalyzed by the COVID-19 pandemic and an increase in sophisticated cybercrime, the report said. Cybercriminals particularly focused on compromising commonly deployed software, ransomware activity increased sharply, and zero-day exploitation was unprecedented, the report said. In addition, injection attacks, driver-based attacks, high-profile attacks on CI/CD tooling, and attacks on popular open-source libraries and upstream service providers all “contributed to ongoing fears about threats to software supply chain integrity,” the report stated.
The Good News
“While this may sound grim, there is some good news,” security researchers wrote. Despite the amount of ransomware, the zero-day threats, and a generally more complex threat landscape, the security industry is now better prepared, and this has spurred more public-private cooperation. “For one thing, the security industry is better able to detect and analyze zero-day attacks. This, in turn, has helped improve commercial security solutions and open-source rule sets,” the report stated.
Risk Management Recommendations
For this year and the foreseeable future, it is important to focus on prioritizing remediation for the vulnerabilities in 2021’s data set, security researchers added. In addition, Rapid7 recommends organizations of all sizes heed the following “battle-tested tactics” to deter attackers looking for easy access:
Knowing which technologies an organization uses across its stack, how they are configured, and who has access to them leads to better decisions and response time. This is also known as the “asset inventory.”
Organizations that limit and monitor their internet-facing attack surface area will be better secured, which means paying “particular attention to security gateway products, such as VPNs and firewalls.”
Establishing emergency zero-day procedures and incident response playbooks, and ensuring regular patching cycles, is key to a solid cyber defense strategy.
Organizations should conduct incident response investigations that look for indicators of compromise (IOCs) and scan for post-exploitation activity during widespread threat events.
Deploying in-depth security measures to defend development pipelines from supply chain attacks is a key area of concern for all organizations.
For more information on the exact widespread and known exploited vulnerabilities (CVEs) organizations should be cautious about, organizations can refer to the full Rapid7 2021 Vulnerability Intelligence Report.