https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023
A new report by cybersecurity firm Mandiant reveals a concerning trend: attackers are exploiting vulnerabilities faster than ever before, with zero-day exploitation (exploits for vulnerabilities that are still unknown) outpacing exploitation of already-patched vulnerabilities (n-days) at a record rate.
Key Findings:
- Zero-Day Dominance: 70% of vulnerabilities exploited in 2023 were zero-days, a significant increase from previous years.
- Rapid Exploitation: The average time to exploit a vulnerability after it’s discovered has plummeted to just five days, down from 63 days in 2018.
- Patching Challenges: Faster exploitation times make patch prioritization even more difficult for defenders.
- N-Day Persistence: Despite the rise of zero-days, attackers continue to exploit patched vulnerabilities, highlighting the importance of timely patching.
- Diversification of Targets: Attackers are targeting a wider range of vendors and products, expanding the attack surface for defenders.
Recommendations:
- Prioritize Efficient Detection and Response: Defenders need to improve their ability to detect and respond to attacks quickly, regardless of whether they exploit zero-day or n-day vulnerabilities.
- Strengthen Patch Management: Patch prioritization needs to be more efficient and should consider factors beyond just the release date.
- Segment Networks and Implement Access Controls: Limit the potential damage from a successful attack by segmenting networks and restricting access.
- Don’t Rely Solely on Patching: While patching remains crucial, organizations shouldn’t neglect other security measures, because a vulnerability can be exploited for months or even years after a patch is available.
The report highlights the evolving threat landscape and the need for organizations to adopt a layered approach to cybersecurity. Early detection, rapid response, and a focus on mitigating the potential impact of successful attacks are essential in today’s environment.