Rapid7's 2024 Attack Intelligence Report was released today and includes insights from 14 months of vulnerability and exploit analysis, thousands of ransomware incidents, 180+ APT campaigns, and a year+ of Rapid7 incident response findings.

https://www.rapid7.com/research/report/2024-attack-intelligence-report/

Among our 2024 findings:

* In 2023, for the second time in three years, more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities. 53% of net-new widespread threat CVEs through the beginning of 2024 were exploited as 0day.

* Nearly a quarter (23%) of mass compromise events arose from well-planned, highly orchestrated zero-day attacks in which a single adversary compromised dozens or hundreds of organizations in one fell swoop, often leveraging custom tooling like proprietary exploits and backdoors.

* 5,600+ tracked ransomware incidents shed more light on the global menace ransomware has become to consumers, businesses, governments, and society.

* 41% of incidents Rapid7 IR saw in 2023 involved remote access to systems without MFA.

* Mass compromise events stemming from exploitation of network edge devices nearly doubled between January 2023 and January 2024, with 36% of broadly exploited vulnerabilities occurring in network perimeter technologies.

* 60+% of the CVEs Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.

* While skilled adversaries are still fond of memory corruption exploits, most of the widely exploited CVEs from the past few years have arisen from simpler, more easily exploitable root causes, like command injection and improper authentication issues.

* The majority of widely exploited vulnerabilities Rapid7 has tracked or analyzed since 2021 have been in products already written in memory-safe languages — namely Java and C#.

There’s a ton of data and analysis in the paper as usual — one notable change this year is that all CVEs in our dataset for 2023 onward are confirmed to have been exploited in real-world production environments.

Resources and info here: https://www.rapid7.com/blog/post/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/

Huge thanks to @stephenfewer, @zeroSteiner, @ChristiaanB, and many others for contributing data, analysis, context, definitions, and overall brainpower!

As always, research is a community pursuit, and the end of this report contains a whole lot of citations from folks whose work we've used or benefited from. Thank you!