Rapid7's 2024 Attack Intelligence Report was released today and includes insights from 14 months of vulnerability and exploit analysis, thousands of ransomware incidents, 180+ APT campaigns, and a year+ of Rapid7 incident response findings.

https://www.rapid7.com/research/report/2024-attack-intelligence-report/

Among our 2024 findings:

* In 2023, for the second time in three years, more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities. 53% of net-new widespread threat CVEs through the beginning of 2024 were exploited as 0day.

* Nearly a quarter (23%) of mass compromise events arose from well-planned, highly orchestrated zero-day attacks in which a single adversary compromised dozens or hundreds of organizations in one fell swoop, often leveraging custom tooling like proprietary exploits and backdoors.

* 5,600+ tracked ransomware incidents shed more light on the global menace ransomware has become to consumers, businesses, governments, and society.

* 41% of incidents Rapid7 IR saw in 2023 involved remote access to systems without MFA.

* Mass compromise events stemming from exploitation of network edge devices nearly doubled between January 2023 and January 2024, with 36% of broadly exploited vulnerabilities occurring in network perimeter technologies.

* 60+% of the CVEs Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.

* While skilled adversaries are still fond of memory corruption exploits, most of the widely exploited CVEs from the past few years have arisen from simpler, more easily exploitable root causes, like command injection and improper authentication issues.

* The majority of widely exploited vulnerabilities Rapid7 has tracked or analyzed since 2021 have been in products already written in memory-safe languages — namely Java and C#.

There’s a ton of data and analysis in the paper as usual — one notable change this year is that all CVEs in our dataset for 2023 onward are confirmed to have been exploited in real-world production environments.

Resources and info here: https://www.rapid7.com/blog/post/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/

Huge thanks to @stephenfewer, @zeroSteiner, @ChristiaanB, and many others for contributing data, analysis, context, definitions, and overall brainpower!

As always, research is a community pursuit, and the end of this report contains a whole lot of citations from folks whose work we've used or benefited from. Thank you!

@catc0n hmm, no direct link? :-(
Maybe you could send this to your Marketing team please

https://infosec.exchange/@gnyman/112372781706295745

If Verizon can do it, so can you. The alternative is that I (and everyone else) just enter some BS info to get the report, which just leads to a bad marketing database, which in turn leads to the emails ending up in spam. Bad cycle. I'll bet anyone in your marketing team an Ice Cream that not giving people the option to bypass is a net-negative.

@gnyman happy to pass on the feedback — unfortunately, I'm not allowed to give out the ungated link publicly. I'm sure non-R7 folks can share the PDF directly though!