We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
A new report from Skybox Research Lab unveiled that 20,175 new vulnerabilities were published in 2021, the most vulnerabilities ever reported in a single year. And these new vulnerabilities are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 — a three-fold increase over a decade. The report provides a deeper look at how quickly cybercriminals capitalize on new security weaknesses –shrinking the window that organizations have to remediate vulnerabilities ahead of an attack.
Operational technology (OT) vulnerabilities jumped 88%, which are used to attack critical infrastructure and expose vital systems to potentially devastating breaches. OT systems support energy, water, transportation, environmental control systems and other essential equipment. Attacks on these vital assets can inflict severe economic damage and even endanger public health and safety.
As new vulnerabilities appeared in 2021, threat actors wasted no time taking advantage of them. 168 vulnerabilities that published in 2021 were promptly exploited in the wild within 12 months — 24% more than the number of vulnerabilities published and subsequently exploited in 2020. In other words, threat actors and malware developers are getting better at weaponizing recent vulnerabilities.
New cryptojacking programs targeting known vulnerabilities increased by 75% year over year, along with the 42% rise in ransomware. Both cases illustrate how the malware industry is getting better at leveraging emerging business opportunities, providing a range of tools and services used by seasoned cybercriminals and inexperienced newbies alike.
The report paints a vivid picture of the new reality confronting CISOs and their teams. The findings reveal not only how vulnerabilities — especially in OT — are proliferating at an unprecedented rate, but how threat actors have gotten better and faster at capitalizing on them with a range of new malware and exploits.
All of the findings in the report, unless otherwise noted, are based on data from Skybox Research Lab, the threat intelligence division of Skybox Security.
Read the full report by Skybox Research Lab.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.