Last updated at Thu, 01 Aug 2024 15:09:41 GMT
今天, 在我们的指挥峰会上, we released our 2024 Attack Intelligence Report, which pulls in expertise from our researchers, 我们的侦查和反应小组, 威胁情报小组. The result is the clearest picture yet of the expanding 攻击表面 和 the threats security professionals face every day.
从2020年底开始, we’ve seen a significant increase in zero-day exploitation, ransomware攻击, 和 mass compromise incidents impacting many organizations worldwide. We have seen changes in adversary behaviors with ransomware groups 和 state-sponsored threat actors using novel persistence mechanisms 和 zero-day exploits to great effect.
Our 2024 Attack Intelligence Report is a 14-month look at data for marquee vulnerabilities 和 attack patterns. From it, we identified trends that are helpful for every security professional to underst和.
一些主要发现包括:
A consistently high level of zero-day exploitation over the last three years. Since 2020, our vulnerability research team has tracked both scale 和 speed of exploitation. 过去三年里有两年, more mass compromise events have arisen from zero-day exploits than from n-day exploits. 53% of widely exploited CVEs in 2023 和 early 2024 started as zero-day attacks.
Network edge device exploitation has increased. Large-scale compromises stemming from network edge device exploitation has nearly doubled in 2023. We found that 36% of the widely exploited vulnerabilities we tracked occurred within network edge technology. Of those, 60% were zero day exploits. These technologies represent a weak spot in our collective defenses.
勒索软件仍然是一笔大生意. We tracked more than 5,600 ransomware攻击 between January 2023 和 February 2024. And those are the attacks we know about, as many attacks may go unreported for a number of reasons. The ones we were able to track indicated trends in attacker motive 和 behavior. 例如, we saw an increase in what we term “smash-和-grab” attacks, particularly those involving file transfer solutions. A smash-和-grab attack sees adversaries gaining access to sensitive data 和 performing exfiltration as quickly as possible. While most ransomware incidents Rapid7 observed were still “traditional” attacks w在这里 data was encrypted, smash-和-grab extortion is becoming more common.
Attackers are preferring to exploit simple vulnerability classes. While attackers still target tougher-to-exploit vuln classes like memory corruption, most of the widely exploited CVEs we have tracked over the last few years have arisen from simpler root causes. 例如, 75% of widespread threat CVEs Rapid7 has analyzed since 2020 have improper access control issues, like remotely accessible APIs 和 authentication bypasses, 和 injection flaws (like OS comm和 injection) as their root causes.
These are just a few of the key findings in our 2024 Attack Intelligence report. The report was released today in conjunction with our Take Comm和 Summit — a day-long virtual cybersecurity summit, of which the report features as a keynote. The summit includes some of the most impactful members of the security community taking part in some of the most critical conversations at this critical time. 你可以阅读这份报告 在这里.