Last updated at Tue, 21 May 2024 21:19:49 GMT

Today, at our Take Command Summit, we released our 2024 Attack Intelligence Report, which pulls in expertise from our researchers, our detection and response teams, and our threat intelligence teams. The result is the clearest picture yet of the expanding attack surface and the threats security professionals face every day.

Since the end of 2020, we’ve seen a significant increase in zero-day exploitation, ransomware attacks, and mass compromise incidents impacting many organizations worldwide. We have seen changes in adversary behaviors, with ransomware groups and state-sponsored threat actors using novel persistence mechanisms and zero-day exploits to great effect.

Our 2024 Attack Intelligence Report is a 14-month look at data for marquee vulnerabilities and attack patterns. From it, we identified trends that are helpful for every security professional to understand.

Some of the key findings include:

A consistently high level of zero-day exploitation over the last three years. Since 2020, our vulnerability research team has tracked both scale and speed of exploitation. In two of the last three years, more mass compromise events have arisen from zero-day exploits than from n-day exploits. 53% of widely exploited CVEs in 2023 and early 2024 started as zero-day attacks.

Network edge device exploitation has increased. Large-scale compromises stemming from network edge device exploitation nearly doubled in 2023. We found that 36% of the widely exploited vulnerabilities we tracked occurred within network edge technology. 60% of those were zero-day attacks. These technologies represent a weak spot in our collective defenses.

Ransomware is still big business. We tracked more than 5,600 ransomware attacks between January 2023 and February 2024. And those are the attacks we know about, as many attacks may go unreported for a number of reasons. The ones we were able to track indicated trends in attacker motive and behavior. For example, we saw an increase in what we term “smash-and-grab” attacks, particularly those involving file transfer solutions. A smash-and-grab attack sees adversaries gaining access to sensitive data and performing exfiltration as quickly as possible. While most ransomware incidents Rapid7 observed were still “traditional” attacks where data was encrypted, smash-and-grab extortion is becoming more common.

Attackers prefer to exploit simple vulnerability classes. While attackers still target tougher-to-exploit vulnerability classes like memory corruption, most of the widely exploited CVEs we have tracked over the last few years have arisen from simpler root causes. For example, 75% of widespread threat CVEs Rapid7 has analyzed since 2020 have improper access control issues, like remotely accessible APIs and authentication bypasses, and injection flaws (like OS command injection) as their root causes.

These are just a few of the key findings in our 2024 Attack Intelligence Report. The report was released today in conjunction with our Take Command Summit — a day-long virtual cybersecurity summit, at which the report features as a keynote. The summit includes some of the most impactful members of the security community taking part in some of the most critical conversations at this critical time. You can read the report here.