Vulnerability trends in early 2024

Cyber security | Csaba Krasznay | April 30, 2024


What is being hacked and why?

With the press reporting serious software vulnerabilities week after week, we investigated whether the situation this year is really as bad as the news suggests.

Confluence vulnerability here, Ivanti vulnerability there, all of this spiced up with some Microsoft attacks here and there, of course all exploited by nation-state attackers or, at a minimum, ransomware groups. If you read the cybersecurity press carefully, you can’t miss the list of CVEs with a minimum rating of 10 in the weekly scare column. In fact, we at White Hat IT Security can confirm from our Security Operation Center data that every week there is a new CVE that would inconvenience our customers if we did not detect it in time. But is the situation worse than this time last year? Has the threat landscape changed in 2024? To investigate this, we would like to present some interesting statistics, with the help of CVE Details.

Let’s start with the number of vulnerabilities identified!

In 2023, the number of identified CVEs broke all previous records, with a total of 29 065 new entries in the database. This record is likely to be broken this year, as the number of CVEs found in 2024 was 11 832 at the time of writing, while in the same period in 2023 there were only 9 163 vulnerabilities on the list. Looking at the distribution, however, at this time last year the average CVSS score was 7.7, and 1 692 entries had a CVSS rating of more than 9. So far this year the average is only 5.9 and the highest category has 1 211 records. Of course this is not reassuring, but fortunately only 27 of this year’s hits have known exploits, while in 2023 exploits were written for a total of 144 vulnerabilities by researchers, professionals or cybercriminals. In the CISA Known Exploited Vulnerabilities Catalogue, all exploits known this year are currently in an actively exploited status.
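The same-period comparison above can be reproduced from any CVE export. The following is an added example, not code from the article or from CVE Details; the record fields, the `EXAMPLE-` identifiers and the exploited set are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean

@dataclass(frozen=True)
class CveRecord:
    cve_id: str      # constructed placeholder identifier, not a real CVE
    published: date
    cvss: float      # CVSS base score, 0.0 to 10.0

def period_stats(records, year, cutoff, exploited_ids):
    """Summarise CVEs published in `year` from 1 January up to the cutoff's month/day."""
    try:
        end = date(year, cutoff.month, cutoff.day)
    except ValueError:            # 29 February cutoff applied to a non-leap year
        end = date(year, 2, 28)
    window = [r for r in records if date(year, 1, 1) <= r.published <= end]
    return {
        "count": len(window),
        "avg_cvss": round(mean(r.cvss for r in window), 1) if window else None,
        "above_9": sum(r.cvss > 9.0 for r in window),
        "known_exploited": sum(r.cve_id in exploited_ids for r in window),
    }

def year_over_year(records, cutoff, exploited_ids):
    """Compare the cutoff's year with the same period of the previous year."""
    prev = period_stats(records, cutoff.year - 1, cutoff, exploited_ids)
    cur = period_stats(records, cutoff.year, cutoff, exploited_ids)
    change = round(100 * (cur["count"] - prev["count"]) / prev["count"], 1) if prev["count"] else None
    return {"previous": prev, "current": cur, "count_change_pct": change}

# Constructed sample data: four records per year, one of them outside the window.
SAMPLE = [
    CveRecord("EXAMPLE-2023-0001", date(2023, 1, 15), 9.8),
    CveRecord("EXAMPLE-2023-0002", date(2023, 3, 2), 7.5),
    CveRecord("EXAMPLE-2023-0003", date(2023, 4, 20), 6.1),
    CveRecord("EXAMPLE-2023-0004", date(2023, 9, 9), 9.1),   # after the cutoff, excluded
    CveRecord("EXAMPLE-2024-0001", date(2024, 1, 10), 10.0),
    CveRecord("EXAMPLE-2024-0002", date(2024, 2, 14), 5.3),
    CveRecord("EXAMPLE-2024-0003", date(2024, 3, 30), 4.3),
    CveRecord("EXAMPLE-2024-0004", date(2024, 4, 29), 6.5),
]
# Constructed stand-in for a list of known-exploited identifiers.
EXPLOITED = {"EXAMPLE-2023-0001", "EXAMPLE-2023-0004", "EXAMPLE-2024-0001"}

if __name__ == "__main__":
    print(year_over_year(SAMPLE, date(2024, 4, 30), EXPLOITED))
```

Cutting both years at the same calendar day is what keeps the comparison fair: the 2023 entry published in September is dropped even though it is both critical and known to be exploited.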

Targeted Sectors: Supply Chains and Development

Perhaps all cybersecurity experts would agree that there is no perfectly secure system; it is only a matter of time and will before a software vulnerability is found. Yet it is interesting to note that among the actively exploited flaws, a striking number are in perimeter security or network security solutions, or in software packages that support development processes. If we compare this with the attack trends, the choice is no coincidence. Indeed, access to software developers provides an opportunity both to extensively assess their customer relationships, including bug reports from individual users, and to build backdoors into the software in a stealth operation, backdoors that attackers can then exploit at the end-user level. Supply chain attacks of this kind therefore leave the software industry particularly vulnerable to attackers, and as there is no direct compliance requirement to meet, this trend will not change until it is recognised that cyber security is also important in this segment, especially if the attacker’s objective is not a covert operation but the introduction of a common ransomware virus.

Vendor Obligations: The Security Dilemma

The case of network security solution vendors is a little different. The customer has a right to expect a security product to be secure. All too often, however, it turns out that many companies have not done their due diligence in developing their solutions and use software components that are a decade out of date, trusting that a closed operating environment will provide sufficient security. Yet it is precisely these solutions that attackers tend to target: a network device is typically a bottleneck whose availability is critical, so targeting it with distributed denial of service (DDoS) attacks guarantees success, and the valuable information that passes through such devices can be useful to the attacker. Not to mention that by spoofing perimeter security systems, it is possible to gain access to an organisation’s internal network, eliminating the need to carry out more spectacular attacks on end users.

Towards Enhanced Software Security

In some ways, therefore, the situation is worse than this time last year, but in other ways it seems manageable. What is certain is that the security of software development is becoming more critical, and the leaders of the victimised vendors are making loud commitments to ensure that security is now implemented in their products. In addition, everyone who uses software or network devices – and who doesn’t? – should be prepared for a critical vulnerability that is sure to show up in their system. Our Security Operation Center is tasked with identifying and addressing incidents as they develop, but with ongoing vulnerability testing, these incidents don’t necessarily have to happen. Security should be provided 24/7/365. We can solve it.

Written by: Csaba Krasznay
