SecurityBrief Australia logo
Australia's leading source of cybersecurity and cyber-attack news
Story image

Zero-day attacks climb as hackers get more sophisticated

By Contributor
Mon 18 Jul 2022

Article by Rapid7 vulnerability research and security response leader Caitlin Condon.

Hackers are moving fast to exploit security vulnerabilities. There was a surge in widespread zero-day attacks last year, with the average time to exploitation down from 42 days in 2020 to just 12 days in 2021. 

This ‘Time to Known Exploitation’ (TTKE) represented a 71% decrease from the previous year, largely due to the heightened volume of zero-day attacks, many of which were eventually used by ransomware gangs.

With ongoing geopolitical uncertainties and the threat on nations opposing Russia’s war in Ukraine, governments are urging organisations to strengthen their cyber defences to counter the increased potential threat of state-sponsored cyber-attacks. This is just one more reason why it is important that security and risk teams have a clear view of the broad range of critical vulnerabilities and threats they face, with particular emphasis on technologies they know are central to their business operations.

In our 2021 Vulnerability Intelligence Report, we presented a thorough assessment of last year’s attack landscape, with an expert analysis of attack vectors and exploitation trends from what was a truly harrowing year for risk management teams around the world.

Not only were governments and organisations grappling with the COVID-19 pandemic, but security teams faced a rapid rise in attack complexity and scale. Widespread attacks leveraging vulnerabilities in commonly deployed software were endemic, ransomware risk continued to rise, and zero-day exploitation reached what was considered to be an all-time high. The report detailed 50 notable vulnerabilities, of which 43 were exploited in the wild, and it highlighted several non-CVE-based attacks, including significant supply chain security incidents.

Many of 2021’s critical vulnerabilities were exploited quickly and at scale, dwarfing attacks from previous years and giving businesses little time to shore up defences in the face of rapidly rising risk. On any given day, security professionals found themselves needing to prioritise and address viable threats from an overwhelming number of reported vulnerabilities.

Six months into 2022, we continue to see widespread attacks that are following a similar pattern to the widely exploited security flaws we saw in previous years, and which increased by a whopping 136% in 2021.

With attacker economies of scale like ransomware and coin mining operations continuing to mature, it’s likely that widespread attacks will remain the norm. In addition, the commonality of zero-day attacks continues to be a trend, putting further pressure on organisations’ security teams.

Last year, 52% of widespread threats began with a zero-day exploit. These vulnerabilities were discovered and weaponised by adversaries before vendors were able to patch them. A much higher proportion of zero-day attacks are now threatening many organisations from the outset instead of being used in more targeted operations.

This year, we have witnessed several high-profile attacks against common enterprise applications that sit in critical places in organisations’ networks, such as access and network management software. We have also seen a long tail of exploitation from Log4Shell — highlighting our reliance on open-source libraries and shared components — which can be tough to detect and deeply embedded in technology stacks.

Naturally, security teams are paying more attention to these threats, but we urge organisations not to lose sight of vulnerabilities that arise in exposed and critical technologies, particularly those that sit at the edge of networks or govern internal network infrastructure. Flaws in firewalls, VPNs, internet-facing portals, and DevOps systems continue to be targets for both advanced and low-skilled adversaries, regardless of any specific geopolitical threats. These known vulnerabilities can be unwittingly exposed and continue to be ‘an easy way in’ for bad actors. In addition, our intelligence indicates that these types of vulnerabilities are getting attacked regularly; therefore, organisations need to continue to pay attention to them.

The first half of 2022 has so far followed expected patterns of exploitation, with few surprises.

But for any team tasked with risk management, no matter whether it is vulnerability risk management or something else, we see the layering of these different challenges putting pressure on both resources and time.

And whilst the current environment may seem foreboding, there is positive news. First, the security industry is better able to detect and analyse zero-day attacks, which has helped improve commercial security solutions and open-source rule sets. Second, while we would never call the rise of ransomware a positive thing, the universality of the threat has spurred more public-private cooperation and driven new recommendations for preventing and recovering from ransomware attacks.

Furthermore, research-driven context on vulnerabilities and emergent threats is critical to building forward-looking security programs. In line with that, organisations of all sizes can implement battle-tested tactics to minimise easy opportunities for attackers and shore up defences.

As we look ahead, security teams should expect further zero-day attacks and widespread exploitation. Whilst many organisations are a lot better at detecting these attacks, it is important to avoid complacency.

As long as there is an attack surface area available to them, attackers will continue to look for opportunities to profit or gain key access to corporate networks. The probability of an attack for an average business has increased, so organisations as a whole — not just information security teams but executive and board-level stakeholders, too — must work together to evolve their approaches to risk management.

Related stories
Top stories
Story image
ExtraHop
Organisations exposing highly sensitive protocols to public internet
More than 60% of organisations expose remote control protocol SSH to the public internet, while 36% of organisations expose the insecure FTP protocol.
Story image
IDC
High level of Customer Identity & Access Management adoption
The study from Okta revealed that the pandemic has either accelerated or highlighted the need for digital-first strategies.
Story image
Microsoft
Microsoft, NSW partnership to accelerate digital transformation
The renewed partnership is designed to maximise the value of Microsoft solutions to various NSW Government agencies.
Story image
Ransomware
Big business in cryptocurrencies and cybercrime
As of June this year, about a quarter (26%) of Australians considered cryptocurrency as a good investment, and over 36% have at one point considered buying cryptocurrency as an investment.
Story image
Remote Working
Cybersecurity concerns higher than before the pandemic - report
BeyondTrust's new survey shows Australian organisations are more concerned about cyberattacks than they were before the COVID-19 pandemic.
Story image
Privileged Access Management / PAM
The importance of stopping identity sprawl for cybersecurity
The 2021 Data Breach Investigations Report (DBIR) shows that 61% of all breaches involve malicious actors gaining unauthorised, privileged access to data by using a compromised credential. Unfortunately, it is often too late when the misuse of a credential is detected.
Story image
Dark web
Beware the darkverse and its cyber-physical threats
A darkverse of criminality hidden from law enforcement could quickly evolve to fuel a new industry of metaverse-related cybercrime.
Story image
Gaming
Attacks on gaming companies more than double over past year
The State of the Internet report shows gaming companies and gamer accounts are at risk, following a surge in web application attacks post pandemic.
Story image
Gartner Magic Quadrant
Gartner positions Commvault as Leader in 2022 Magic Quadrant
Gartner has named Commvault a Leader in its 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report.
Story image
Data Protection
Cloud privacy, data protection more complex than on-prem
In the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit. 
Story image
Healthcare
SOTI research explores professional's thoughts on digitisation in the healthcare sector
Interconnectivity, automation and data management were the three key trends highlighted in the report as integral parts of successful medical technology implementation.
Story image
Open source
Flashpoint acquires Echosec Systems, elevates OSINT capabilities
Flashpoint has acquired Echosec Systems, a provider of open-source intelligence and publicly available information.
Story image
Cybersecurity
Qualys develops EASM capabilities for Cloud Platform
"Qualys unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its VMDR solution into a single view."
Story image
Malware
Research shows attacks on the gaming industry are getting worse
Web application attacks in the gaming sector have grown by 167% from Q1 2021 to Q1 2022, according to new research from Akamai.
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Digital Transformation
Dear boardroom, please don’t put digital transformation back in the box
Australian companies are years ahead of where they would have been – a position that the country is poised to take advantage of to do great things. And one that it risks losing.
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.
Story image
Cybersecurity
Palo Alto Networks responds to rise in threats with MDR service
Unit 42 Managed Detection and Response is a new service that can offer continuous 24/7 threat detection, investigation and response.
Story image
Gartner
Veeam named Leader in enterprise backup and recovery
"We believe our innovation and ability to execute validates our solid standing as the #1 trusted provider of modern data protection."
Story image
Migration
Four benefits companies can realise by transitioning to S/4HANA early
Although there is time before organisations are required to transition to a cloud-based solution, such as S/4HANA, it is beneficial to transition now. Waiting too long could complicate the process.
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Ransomware
Ivanti and SentinelOne partner on patch management solution
Ivanti and SentinelOne will integrate their technologies Ivanti Neurons for Patch Management and SentinelOne's Singularity XDR platform.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
AWS Marketplace
See how managed security services (MSS) have evolved to Managed Detection and Response (MDR) and Extended Detection and Response (XDR). Learn how these new holistic solutions can simplify security management and improve your threat detection and response.
Link image
Story image
Data Protection
CyberRes partners with Google Cloud in lead up to BigQuery release
CyberRes, a Micro Focus line of business, has announced a partnership with Google Cloud to support the upcoming release of BigQuery remote functions.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Story image
Rubrik
Gartner names Rubrik Leader in 2022 Magic Quadrant
Rubrik has been positioned by Gartner as a Leader in the 2022 Magic Quadrant for Enterprise Backup and Recovery Software Solutions.
Story image
Web application firewall
Radware recognised in KuppingerCole’s 2022 Leadership Compass report
Radware has been named a Product, Innovation, Market and Overall Leader in the 2022 KuppingerCole Leadership Compass report for Web Application Firewalls.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Indusface
Why enhancing bot protection for web and API endpoints matters
The trouble with bots is that they aren’t all bad. Unfortunately, this can make it challenging to detect malicious bots that find their way into your system and threaten your business.
Story image
API
Security gaps in APIs plague organisations - study
Together, the findings highlight that existing solutions and API security tactics focused on shift-left strategies are failing to adequately protect APIs.
Story image
Artificial Intelligence
Exclusive: NZ-based DEFEND offers global cyber protection
DEFEND supports customers in 66 countries across the globe with a relentless focus on ensuring that every dollar spent on security provides a meaningful return on investment and reduces cyber risk.
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Neat
Workplace design a crucial factor for better employee experience - report
The key to a successful workplace could be its design, according to research from Ecosystm and Neat.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Healthcare
Why the Metaverse could be the key to enhancing the healthcare sector
The experts at Accenture understand that the programmable world is about building the next version of the physical world in healthcare, understanding complex layers in order to fully utilise technology to its maximum effect.
Story image
Cloud
DCI plans to build new cloud edge data centre in Canberra
DCI is one of the first to commit to the Precinct which has a focus on defence, space, cybersecurity and high-tech manufacturing sectors.
Story image
Data Protection
VMware introduces advanced workload protection for AWS
VMware Carbon Black Workload for AWS delivers comprehensive visibility and security across on-premises and cloud environments for AWS customers.
Story image
Malware
Avast One extends protection with Online Safety Score
Avast One has extended its cross-platform support by adding its Online Safety Score feature to both the Mac and iOS platforms of Avast One.