There has been a 13% increase in average monthly common vulnerabilities and exposures (CVEs) from 2022 to 2023.
Cybersecurity should remain a top priority for businesses and individuals alike in 2023, according to the new Cyber Threat Index from Coalition. The index, backed by 10 years of data, revealed that there has been a 13% increase in average monthly common vulnerabilities and exposures (CVEs) from 2022 to 2023.
A CVE is defined as a known security flaw in a system or software. Coalition predicts there will be more than 1,900 new CVEs each month this year, including 270 high-severity and 155 critical-severity vulnerabilities.
“The reality is that the number of security vulnerabilities and breaches are consistently increasing—from 1,000 in 2002 to over 23,000 in 2022. Defenders are fighting a battle on all sides and at all times,” said Tiago Henriques, vice president of security research at Coalition.
“We produced this report to provide as much information as possible for organizations to learn from. With the overwhelming volume of vulnerabilities and lack of IT staff, cybersecurity experts need a way to evaluate each vulnerability's risk so they can prioritize what to address.”
These vulnerabilities, detrimental to organizations' operations, are also time-sensitive and variable. Once a CVE is known, attackers can target an organization within a matter of days. Coalition reported that, for most CVEs, the time to exploit is within 90 days of public exposure, with the majority exploited in the first 30 days.
Ransomware remains one of the most alarming problems for digital security. Databases that are exposed to the internet are the source of many of today's data leaks, with widely used databases such as Elasticsearch and MongoDB recording high rates of compromise. Last year, 140 terabytes of data hosted by Elasticsearch, consisting of over 175 billion documents, were exposed to the internet with no authentication, and 26% of all MongoDB installations were compromised by ransomware attacks.
According to the report, remote desktop protocol (RDP) is the protocol attackers most commonly scan remotely. Companies are struggling to update their systems, and the majority of database servers are running outdated software, which puts them at risk. Attackers are also still leveraging old protocols with new vulnerabilities, such as RDP, to gain access to systems. Quickly patching these vulnerabilities should be an urgent priority for organizations.
Security teams responsible for combating threat actors are struggling to keep up, despite their best efforts. Coalition found that 94% of organizations scanned in the last year have at least one unencrypted service exposed to the internet. The report recommends that organizations prioritize the application of updates on public-facing infrastructure and internet-facing software within 30 days of a patch's release and follow regular upgrade cycles to mitigate vulnerabilities in older software.
“Cybersecurity professionals must be more alert than ever to vulnerabilities that already exist within their networks and assets. Attackers are becoming increasingly sophisticated and have become experts at exploiting commonly used systems and technologies,” Henriques said. “Organizations must use secure communication protocols to access their data. They must also enforce multifactor authentication and ensure the services they use are not exposed to the internet. Taking steps like these to improve your basic security hygiene is crucial to improving your overall defense posture.”
Ann Seaberg is an IA contributor.