Rapid7 finds zero-day attacks surged in 2021


Defenders have far less time than ever to patch their systems and prepare for exploits targeting software vulnerabilities.

Research from security vendor Rapid7, which examined attacks on 50 of the most notable vulnerabilities over the 2021 calendar year, found that compared to 2020, the average time between a vulnerability's public release and its first known exploitation dropped by 71%. The list of 50 vulnerabilities included notorious threats such as the ProxyLogon flaws in Microsoft Exchange Server and the recent Log4Shell bug.

On average, the Rapid7 team found, it took attackers roughly 12 days to turn a vulnerability disclosure into a working exploit. By comparison, the 2020 calendar year saw a turnaround of 42 days on average.

Zero days the deciding factor

According to the Rapid7 2021 Vulnerability Intelligence Report, this meteoric drop in "time to known exploitation," or TTKE, isn't necessarily because attackers are getting better at turning vulnerability disclosures into working exploits. Rather, the researchers found that more cybercriminals were using zero-day exploits.

The research found that 43 of the 50 vulnerabilities were exploited in the wild, and 50% of the exploits they analyzed were the result of previously undisclosed flaws. In addition, 58% of the bugs were turned into exploits less than two weeks from their public disclosure.

"The rise in widespread zero-day attacks in 2021 was the primary driver of reduced time to exploitation; shorter TTKE has also meant that organizations' incident response and emergency patch procedures have been put to the test, and any security or IT team who didn't have these protocols in place was at a significant disadvantage," the report stated.

By comparison, 2020 saw close to 30% of bugs exploited within one week, and 32% were turned into exploits in under two weeks.

Caitlin Condon, vulnerability research manager at Rapid7 and co-author of the report, said that the sharp increase in zero-day attacks is especially concerning because it means administrators are more likely than ever to be hit with exploits and attacks with no warning.

"Arguably more alarming than the decrease in time to known exploitation by itself is the fact that more than half of the vulnerabilities in our widespread threat category began with a zero-day exploit," Condon told SearchSecurity. "That's a major change from the previous year, where only one of the vulnerabilities in our widespread threat category arose from a zero-day exploit."

The decrease in exploit time was one of several findings from the report that should worry network defenders. In addition to the shorter exploit time, the team found that code injection attacks, ransomware heists, and attacks on open source libraries as part of supply chain attacks were all on the rise over the calendar year.

In addition, the increase in attacks came as many firms were working with fewer staff than in prior years.

"The threat landscape in 2021 brought historical security lessons to bear in novel, pressing ways even as the lingering pall of the COVID-19 pandemic drove staffing and budget constraints across businesses of all sizes," Rapid7 said in its report.

"A rise in attack complexity as well as severity further compounded the challenges security teams faced in 2021."