Fortinet, today at the RSA 2024 Conference, published a cyberthreat analysis for the second half of 2023. On average, the company found, it currently takes 4.76 days between public disclosure of a vulnerability and its first exploitations to appear. That represents a 43% increase in time to exploitation over the first half of 2023, according to the report.

Overall, 41% of organizations have detected signatures of attacks less than a month old. On the plus side, the report finds that only 0.7% of all Common Vulnerabilities and Exploits (CVEs) observed were targeted, suggesting that the attack surface the cybersecurity teams need to prioritize is relatively small.

According to Derek Manky, chief security strategist and global vice president for threat intelligence at FortiGuard Labs, it is clear that cyber attackers are leveraging automation to accelerate the pace at which they develop and launch new exploits. In fact, the higher the vulnerability is ranked in terms of severity, the faster the exploits are being developed, he noted.

More troubling still, with continued advances in artificial intelligence (AI), cybersecurity teams should expect the pace at which those exploits are being developed to further accelerate, said Manky.

Of course, new exploits are being added to a long list of previous vulnerabilities. The report finds that 98% of organizations have detected vulnerabilities that are more than five years old. In some cases, known vulnerabilities that are more than 15 years old are still being exploited.

The report also noted ransomware detections dropped by 70% compared to the first half of 2023. This slowdown can best be attributed to attackers shifting away from the traditional “spray and pray” strategy to a more targeted approach, aimed largely at the energy, healthcare, manufacturing, transportation and logistics, and automotive industries, noted Manky.

However, taking down the bots used to launch attacks remains challenging. According to the Fortinet report, it takes an average of 85 days for command and control (C2) communications to cease after first detection.

The report also noted that 38 of the 143 Advanced Persistent Threat (APT) groups listed by MITRE were observed to be active in the second half of 2023. In addition, 221 vulnerabilities were actively discussed on the darknet, while 237 vulnerabilities were discussed on Telegram channels. More than 850,000 payment cards were advertised for sale.

In total, more than 3,000 data breaches were shared on prominent dark web forums, the report noted.

As the pace at which new exploits are developed continues to increase, cybersecurity teams will be under more pressure than ever to improve meantime-to-resolutions (MTTR) rates in the weeks and months ahead, said Manky. Many attacks today are aimed at a narrow range of vulnerabilities, but that is likely to increase as it becomes easier for cybercriminals to develop exploits, he added.

In effect, the pace at which cybersecurity teams are going to be required to operate is increasingly move toward real time as the cyberattacks being launched continue to increase in terms of both volume and sophistication. Less clear is to what degree cybersecurity teams will be able to rise to the challenge without themselves relying more on advances in artificial intelligence (AI) to keep pace.

Photo by CHUTTERSNAP on Unsplash