A total of 26,447 vulnerabilities were disclosed in 2023, an increase of more than 1,500 CVEs from the previous year. The data comes from the latest report published by the Qualys Threat Research Group (TRU).
Notably, less than 1% of these vulnerabilities pose the highest risk and are actively exploited by ransomware, threat actors, and malware.
The key findings show that 97 high-risk vulnerabilities that may be exploited are not listed in CISA's list of known exploited vulnerabilities. In addition, 25% of high-risk vulnerabilities were exploited on the day of release.
An in-depth study of the vulnerability threat landscape also highlights that more than 7,000 vulnerabilities have proof-of-concept exploits, while 206 vulnerabilities have weaponized exploits, increasing the likelihood of a successful compromise.
The report shows that 32.5% of high-risk vulnerabilities affect network devices and web applications, emphasizing the need for a comprehensive vulnerability management strategy. Qualys TRU also revealed that the average time to exploit a high-risk vulnerability in 2023 was 44 days.
The top MITRE ATT&CK tactics and techniques used in these attacks include the exploitation of remote services, the exploitation of public-facing applications, and privilege escalation.
The most exploited vulnerabilities were CVE-2023-27350 in PaperCut NG and CVE-2023-0669 in Fortra GoAnywhere MFT.
Threat actors such as TA505 (also known as the CL0P ransomware gang) and malware such as LockBit and CL0P have played a significant role in high-profile cyberattacks, exploiting zero-day vulnerabilities and emphasizing the need to strengthen cybersecurity measures.
As organizations grapple with the dynamic nature of cyber threats, Qualys TRU recommends a multifaceted approach to prioritizing vulnerabilities, focusing on vulnerabilities known to be exploited in the wild, those with a high probability of exploitation, and those with a high potential for exploitation.
John Gallagher, Vice President of Viakoo Labs, commented, "The necessity of this report is for organizations to evaluate their threat mitigation and threat remediation strategies. Threats are growing in number and velocity, making automation essential for organizations to reduce average time to utilization. Best practices must be followed to prevent lateral movement and RCE (remote execution) within the organization."
These measures include enabling effective network segmentation, considering all devices and applications, automating patching and password rotation across device fleets, and extending Zero Trust principles to all network-connected systems.