Zero-day Attacks Doubled in 2021

Zero-day exploits doubled last year, according to new research by security analytics and automation provider Rapid7.

On Monday, the company published its latest Vulnerability Intelligence Report, examining the most notable security vulnerabilities and high-impact cyber-attacks of 2021.

“We research and publish this report to contextualize the vulnerabilities that introduce serious risk to a wide range of organizations,” said vulnerability research manager and lead Vulnerability Intelligence Report author, Caitlin Condon. 

“Our goal is to highlight exploitation trends, explore attacker use cases and offer a framework for understanding new security threats as they arise.”

More than 50% of the threats analyzed by Rapid7 in 2021 began with a zero-day exploit. Out of the 50 vulnerabilities included in the report, 43 were exploited in the wild and nearly half (20) were exploited as zero-day attacks before being patched by vendors. 

When comparing the number of vulnerabilities that were exploited as zero-day attacks in recent years, the researchers observed an increase of 100% from 2020 to 2021. 

While the number of attacks doubled, the amount of time between the public disclosure of a vulnerability and its known exploitation in the wild decreased in 2021 compared to 2020. Half of the CVEs in the report were exploited within seven days of public disclosure compared with 30% in 2020. More than half of the vulnerabilities (58%) were exploited within two weeks of public disclosure.

Broad, opportunistic exploitation increased significantly in 2021, with 66% of vulnerabilities featured in the report classified as widespread threats compared to 28% in 2020. More than 60% of widespread threats cited in the report were used in ransomware attacks.

Researchers observed a drop in the average time to known exploitation from 42 days in 2020 to just 12 days in 2021.

Condon said the report's findings indicated the possibility of more dangerous days on the horizon for typical businesses.

“In years past, vulnerabilities and hacking incidents led to fewer widespread attacks,” added Condon. “The recent increase in ransomware, coin mining and other widespread attacks means the probability of an 'average business' being targeted has correspondingly increased.”
