The number of software vulnerabilities discovered each year continues to grow, with the total discovered in a single year fast approaching the 30,000 mark. But it's important for cybersecurity teams to identify precisely which vulnerabilities attackers are actually exploiting. Changes in the list of criminals' favorite vulnerabilities greatly influence which updates or countermeasures should be prioritized, which is why we regularly monitor those changes. Here are the conclusions that can be drawn from our Exploit and Vulnerability Report for Q1 2024.
Vulnerabilities are becoming increasingly critical, and exploits easily available
Thanks to bug bounty programs and automation, vulnerability hunting has grown significantly in scale. This means vulnerabilities are discovered more frequently, and when researchers find an interesting attack vector, the first identified vulnerability is often followed by a whole series of others, as we recently saw with Ivanti products. 2023 set a five-year record for the number of critical vulnerabilities found. At the same time, vulnerabilities are becoming accessible to an ever-wider range of attackers and defenders: for more than 12% of discovered vulnerabilities, a proof of concept (PoC) became publicly available shortly after disclosure.
Exponential growth of Linux threats
Although the myth that "nobody attacks Linux" has long been dispelled, many specialists still underestimate the scale of Linux threats. Over the past year, the number of exploited CVEs in Linux and popular Linux applications more than tripled. The lion's share of exploitation attempts target servers, as well as various devices based on *nix systems.
A striking example of attackers' interest in Linux was the multi-year operation to compromise the XZ library and utilities in order to plant an SSH backdoor in popular Linux distributions.
OSs contain more critical flaws, but other applications are exploited more often
Operating systems were found to contain the most critical vulnerabilities with available exploits; however, critical defects in OSs are rarely useful for the initial penetration of an organization's information infrastructure. Therefore, if you look at the top vulnerabilities actually exploited in APT attacks, the picture changes significantly.
In 2023, the top spot in the list of exploited vulnerabilities changed hands: after many years of MS Office holding it, WinRAR took its place with CVE-2023-38831, used by many espionage and criminal groups to deliver malware. However, the second, third, and fifth places in 2023 were still occupied by Office flaws, with the infamous Log4Shell joining them in fourth place. Two vulnerabilities in MS Exchange were also among the most frequently exploited.
In the first quarter of 2024, the situation changed completely: very convenient security holes in internet-accessible services opened up for attackers, allowing mass exploitation, in particular in the MSP tool ConnectWise ScreenConnect, as well as Ivanti Connect Secure and Policy Secure. In the popularity ranking, WinRAR dropped to third place, and Office disappeared from the top altogether.
Organizations are too slow in patching
Only three vulnerabilities from last year's top 10 were discovered in 2023. The remaining actively exploited CVEs date back to 2022, 2020, and even 2017. This means that a significant number of companies either update their IT systems selectively or leave some issues unaddressed for several years without applying any countermeasures at all. IT departments can rarely allocate enough resources to patch everything on time, so a practical medium-term solution is to invest in products that automatically detect vulnerable objects in the IT infrastructure and update software.
The first weeks after a vulnerability is publicly disclosed are the most critical
Attackers try to take full advantage of newly published vulnerabilities, so the first weeks after an exploit appears see the most activity. This should be taken into account when planning update cycles. It's essential to have a response plan for the case where a critical vulnerability appears that directly affects your IT infrastructure and requires immediate patching. Of course, the automation tools mentioned above greatly assist with this.
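The two points above (years-old exploited CVEs still unpatched, and the activity peak in the first weeks after disclosure) translate into a simple triage rule: patch what is known to be exploited first, starting with internet-facing hosts, then whatever was disclosed recently, and only then the rest. The Python below is an added example and is not code from the report or from any Kaspersky product. The vulnerability records, the exploited-in-the-wild flags, the affected-version thresholds, the asset inventory and the report date are all constructed sample data for illustration; a real run would take the inventory from an asset database and the exploitation flags from a known-exploited-vulnerabilities feed.

```python
from dataclasses import dataclass
from datetime import date

# All records below are constructed sample data for this example; the version
# thresholds and exploitation flags are illustrative, not a vendor or KEV feed.

def parse_version(text: str) -> tuple:
    """'2023.11.4' -> (2023, 11, 4); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))

@dataclass(frozen=True)
class Vuln:
    cve: str
    product: str
    affected_from: str            # first affected version (inclusive)
    fixed_in: str                 # first fixed version (exclusive upper bound)
    disclosed: date
    exploited_in_the_wild: bool   # would come from a known-exploited list in practice

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str
    internet_facing: bool

VULNS = [
    Vuln("CVE-2021-44228", "log4j", "2.0.0", "2.17.0", date(2021, 12, 10), True),
    Vuln("CVE-2023-38831", "winrar", "0", "6.23", date(2023, 8, 23), True),
    Vuln("CVE-2024-21626", "runc", "0", "1.1.12", date(2024, 1, 31), False),
    Vuln("CVE-2024-27198", "teamcity", "0", "2023.11.4", date(2024, 3, 4), True),
    Vuln("CVE-2024-3094", "xz", "5.6.0", "5.6.2", date(2024, 3, 29), False),
]

ASSETS = [
    Asset("ci-01", "teamcity", "2023.11.3", internet_facing=True),
    Asset("build-01", "log4j", "2.14.1", internet_facing=False),
    Asset("file-07", "winrar", "6.22", internet_facing=False),
    Asset("desk-11", "winrar", "6.24", internet_facing=False),
    Asset("k8s-node-03", "runc", "1.1.11", internet_facing=False),
    Asset("bastion-02", "xz", "5.6.1", internet_facing=True),
]

AS_OF = date(2024, 3, 31)   # assumed "today" for the sample run
RECENT_DAYS = 30            # assumed length of the post-disclosure activity peak

def is_affected(asset: Asset, vuln: Vuln) -> bool:
    if asset.product != vuln.product:
        return False
    v = parse_version(asset.version)
    return parse_version(vuln.affected_from) <= v < parse_version(vuln.fixed_in)

def tier(asset: Asset, vuln: Vuln, today: date) -> int:
    """0 = exploited in the wild on an internet-facing host, 1 = exploited in the wild,
    2 = disclosed within the last RECENT_DAYS, 3 = everything else."""
    if vuln.exploited_in_the_wild:
        return 0 if asset.internet_facing else 1
    if (today - vuln.disclosed).days <= RECENT_DAYS:
        return 2
    return 3

def build_plan(assets, vulns, today: date) -> list:
    """Join inventory against vulnerability records and return findings in patch order."""
    findings = []
    for asset in assets:
        for vuln in vulns:
            if is_affected(asset, vuln):
                findings.append({
                    "host": asset.host, "cve": vuln.cve, "product": asset.product,
                    "version": asset.version, "tier": tier(asset, vuln, today),
                    "age_days": (today - vuln.disclosed).days,
                })
    # Within a tier, the oldest disclosures go first: a years-old exploited CVE that is
    # still unpatched is exactly the gap described above.
    findings.sort(key=lambda f: (f["tier"], -f["age_days"], f["host"]))
    return findings

if __name__ == "__main__":
    for f in build_plan(ASSETS, VULNS, AS_OF):
        print(f"tier {f['tier']}  {f['host']:<12} {f['cve']:<16} "
              f"{f['product']} {f['version']}  ({f['age_days']} days since disclosure)")
```

Note that CVSS does not appear in the ordering at all: the report's observation is that exploitation status and exposure, not severity scores, separate the handful of CVEs attackers actually use from the tens of thousands published.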
New attack vectors
You can't focus solely on office applications and perimeter services. Depending on an organization's IT infrastructure, significant risks can arise from the exploitation of other vectors, less popular but very effective for achieving specific malicious goals. In addition to the already mentioned CVE-2024-3094 in XZ Utils, other vulnerabilities of interest to attackers include CVE-2024-21626 in runc, which allows escape from a container, and CVE-2024-27198 in the CI/CD tool TeamCity, which provides access to software developers' systems.
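Container escapes like CVE-2024-21626 are a good illustration of why these "other vectors" need their own checks: the runc flaw is triggered by a container whose working directory points into /proc/self/fd/, something a normal vulnerability scanner looking at package versions alone will not see in a Dockerfile or an OCI runtime config. The Python below is an added example, not code from the report or from the runc project. It flags suspicious WORKDIR lines in a Dockerfile, the process.cwd field of an OCI config.json, and reports whether a runc version string is at or above 1.1.12 (the first release with the fix). The Dockerfile, config and version output are constructed samples, and the path regex is this example's own heuristic, not runc's validation logic.

```python
import json
import posixpath
import re

# Heuristic of this example: a working directory that resolves into a process's fd
# table (or its cwd/root links) is the shape CVE-2024-21626 abuses. Not runc's own check.
PROC_FD_PATH = re.compile(r"^/proc/(self|thread-self|\d+)/(fd|cwd|root)(/|$)")

def suspicious_cwd(path: str) -> bool:
    """True if an absolute cwd, after normalisation, points into /proc/<pid>/fd etc."""
    if not path.startswith("/"):
        return False
    return PROC_FD_PATH.match(posixpath.normpath(path)) is not None

def scan_dockerfile(text: str) -> list:
    """Return (line number, resolved WORKDIR) for every suspicious WORKDIR.
    Relative WORKDIRs are resolved against the previous one, as Docker does.
    Limitation: variables such as $HOME in WORKDIR are not expanded here."""
    findings = []
    cwd = "/"   # Docker's default working directory (assumed starting point)
    for lineno, raw in enumerate(text.splitlines(), start=1):
        m = re.match(r"^\s*WORKDIR\s+(.+?)\s*$", raw, flags=re.IGNORECASE)
        if not m:
            continue
        target = m.group(1).strip('"')
        cwd = target if target.startswith("/") else posixpath.join(cwd, target)
        if suspicious_cwd(cwd):
            findings.append((lineno, posixpath.normpath(cwd)))
    return findings

def scan_oci_config(config_json: str) -> list:
    """Check process.cwd in an OCI runtime config.json (the field runc honours)."""
    cfg = json.loads(config_json)
    cwd = cfg.get("process", {}).get("cwd", "/")
    return [cwd] if suspicious_cwd(cwd) else []

def runc_is_fixed(version_output: str) -> bool:
    """Parse 'runc version X.Y.Z' output; 1.1.12 is the first release with the fix."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if m is None:
        raise ValueError("no version number found in: " + version_output)
    return tuple(int(x) for x in m.groups()) >= (1, 1, 12)

# Constructed samples for the demonstration (not real build files or hosts).
SAMPLE_DOCKERFILE = """\
FROM alpine:3.19
WORKDIR /app
COPY . .
WORKDIR /proc/self/fd/../fd/7
RUN ls
WORKDIR /srv/www
"""
SAMPLE_OCI_CONFIG = json.dumps({
    "ociVersion": "1.0.2",
    "process": {"cwd": "/proc/self/fd/8", "args": ["sh"]},
})
SAMPLE_RUNC_VERSION = "runc version 1.1.11\nspec: 1.0.2-dev"

if __name__ == "__main__":
    print(scan_dockerfile(SAMPLE_DOCKERFILE))    # [(4, '/proc/self/fd/7')]
    print(scan_oci_config(SAMPLE_OCI_CONFIG))    # ['/proc/self/fd/8']
    print(runc_is_fixed(SAMPLE_RUNC_VERSION))    # False
```

The same cwd check belongs in admission control for `docker exec -w` / `kubectl exec` style requests, since the working directory can also be supplied at exec time rather than baked into the image.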
Security recommendations
Maintain an up-to-date and in-depth understanding of the company's IT assets, keeping detailed records of existing servers, services, accounts, and applications.
Implement an update management system that ensures the prompt identification of vulnerable software and its patching. The Kaspersky Vulnerability Assessment and Patch Management solution combined with the Kaspersky Vulnerability Data Feed is ideal for this.
Use security solutions capable of both preventing the launch of malware and detecting and stopping attempts to exploit known vulnerabilities on all computers and servers in your organization.
Implement a comprehensive multi-level security system that can detect anomalies in the infrastructure and targeted attacks on your organization, including attempts to exploit vulnerabilities and the use of legitimate software by attackers. For this, the Kaspersky Symphony solution, which can be adapted to the needs of companies of different sizes, is perfectly suited.


