Hackers have become faster to exploit zero-day vulnerabilities

Cybercriminals are finding out more and more quickly every year how to exploit vulnerabilities in software. The so-called “time to known exploitation” (TTKE) has decreased by 71%, according to a new vulnerability report for 2021 by Rapid7. The average exploitation time of the vulnerability has decreased from 42 days in 2020 to just 12 days in 2021.

According to experts, the main reason for the decrease in TTKE was a surge in attacks using zero-day vulnerabilities, many of which were exploited by extortionate groups. As noted in Rapid7, 2021 was a difficult year for cybersecurity, which began with an attack on the SolarWinds supply chain, and ended with a completely critical vulnerability of Log4Shell (CVE-2021-44228) in the Apache Log4j logging platform based on Java, affecting millions of IT systems.

Rapid7 recorded 33 widespread vulnerabilities discovered in 2021, 10 problems that were “exploited in real attacks”, and 7 more dangerous problems due to an available exploit.

Experts have identified several interesting trends. For example, in 2021, 52% of major cyber incidents began with the exploitation of a zero-day vulnerability. Experts believe that the partners of cybercrime groups operating under the “extortion-as-a-service” business model are responsible for this trend. Last year, 64% of widely used vulnerabilities were exploited by ransomware.

The list of vulnerabilities for 2021 affects enterprise software from SAP, Zyxel, SonicWall, Access, VMware, Microsoft Exchange (ProxyLogon vulnerabilities), F5, GitLan, Pulse Connect, QNAP, Forgerock, Microsoft Windows, Kaseya, SolarWinds, Atlassian, Zoho, Apache HTTP server and Apache Log4j.