A staggering 70% of exploited vulnerabilities in 2023 were leveraged as zero days, meaning threat actors exploited the flaws in attacks before the impacted vendors knew of the bug’s existence or had been able to patch them. In addition, the average Time-to-Exploit (TTE) fell from 32 to just five days.
These were two of the findings of new research that also revealed a shift in ratios between n-day (vulnerabilities first exploited after patches are available) and zero-day vulnerabilities in the past few years. Throughout 2021 and 2022, analysts observed a 38/62 split between n-day and zero-day vulnerabilities. By 2023, the ratio had changed to 30:70.
Another significant revelation is that TTE has fallen significantly. According to the report, the average TTE throughout 2018 and 2019 was 63 days, falling to 44 by early 2021, 32 in 2022, and, finally, just five days in 2023.
What the Experts Say
Security experts have expressed concern over these statistics, urging organizations to implement measures to help security teams act swiftly to prevent cyberattacks.
Patrick Tiquet, Vice President of Security & Architecture at Keeper Security, emphasizes the growing threat posed by zero-day vulnerabilities. “What once took a month to patch now requires action within just five days,” he notes, highlighting the need for robust, proactive security measures and well-prepared incident response plans.
Von Tran, Senior Manager of Security Operations at Bugcrowd, stresses the importance of a dedicated zero-day response team for effective collaboration. “It’s crucial for companies to have a dedicated team and escalation hotlines to prioritize fixes within this five-day window,” said Tran. He also recommends investing in solutions like External Attack Surface Management (EASM) to assess risks better.
Sarah Jones, Cyber Threat Intelligence Research Analyst at Critical Start, points to the need for rapid patch management and proactive threat hunting considering compressed TTEs. “Organizations must focus on seamless coordination and leveraging advanced tools to mitigate potential attacks,” she advised.
Enhanced Detection and Response Needed
As the number of identified vulnerabilities continues to rise, threat actors gain more opportunities to exploit these weaknesses. Mandiant says its findings indicate that exploits, both zero-days and n-days, have been the leading initial infection vector in Mandiant Incident Response (IR) engagements from 2020 to 2023.
This trend means that defenders must enhance their detection and response capabilities while adapting to incidents in real-time. Additionally, prioritizing patches has become increasingly challenging, as n-days are being exploited more rapidly and across a wider range of products.
The proliferation of available technologies broadens attack surfaces, highlighting the need to consider how a single vulnerable technology can impact systems and networks laterally. To mitigate the extent of affected systems and data during exploitation, it is essential to prioritize segmented architectures and access control measures.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.