Defending the Digital Horizon: Decoding the Vulnerability Threat Landscape in 2023
2023 wraps up in just 2 days, and the infosec fraternity has seen a wide range of cyber activity this year, ranging from malware and threat actor activity to hacktivist campaigns and vulnerability exploitation. In this blog, we focus on statistics for the vulnerabilities reported and exploited during 2023.
Securifide Advisory Threat Research Unit (SATRU) has noticed a much larger number of vulnerabilities reported this year than in previous years, almost 13% higher than in 2022. At the time of writing, a total of 28890 vulnerabilities had been reported in 2023, which is 3K more than in 2022.

While we have been documenting the vulnerabilities, CVE-IDs are still being added to the December list in large numbers, a clear indication of how vulnerable recent technologies are and that products are not being tested properly before launch.

Out of 28K+ vulnerabilities, 129 have been added to the CISA KEV (Known Exploited Vulnerabilities) catalog. CISA has made patching this set of vulnerabilities compulsory, given their critical or high severity and their adverse effects. Furthermore, the number of vulnerabilities added to the KEV catalog is very small compared to the grand total of 28K for 2023, which means there are other highly critical vulnerabilities that CISA does not add to the KEV catalog. Organisations tend to give these less importance and miss patching them, which also gives room to targeted cyber-attacks.
SATRU has identified the top 12 vulnerabilities that were most prominent and kept cyber-warriors busy during the year. It has also been noted that most of these vulnerabilities were actively exploited by ransomware groups like Cl0p, LockBit and HelloKitty, and by APT groups like APT28, UNC4841, Kinsing etc.
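The gap described above, as an added example that is not SATRU's own code: a triage that keeps KEV-listed findings and critical findings absent from KEV in separate, visible buckets. The feed uses the field names of CISA's published KEV JSON; the CVE ids are placeholders, the assets and scores are constructed, and the 9.0 cut-off is an assumption.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (placeholder CVE ids).
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2023-06-02", "dueDate": "2023-06-23",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dateAdded": "2023-10-10", "dueDate": "2023-10-31",
   "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings: (asset, CVE id, CVSS base score).
FINDINGS = [
    ("mft-gw-01", "CVE-0000-0001", 9.8),
    ("mail-02", "CVE-0000-0003", 9.1),   # critical, but not listed in KEV
    ("web-07", "CVE-0000-0002", 7.5),
    ("hr-app-03", "CVE-0000-0004", 5.3),
]

def triage(findings, kev_feed, today, critical_cvss=9.0):
    """Bucket findings so KEV entries and non-KEV criticals are both visible."""
    kev = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    buckets = {"kev_overdue": [], "kev": [], "critical_not_in_kev": [], "other": []}
    for asset, cve, cvss in findings:
        entry = kev.get(cve)
        if entry:
            # KEV-listed: track whether the remediation due date has passed.
            overdue = date.fromisoformat(entry["dueDate"]) < today
            ransomware = entry.get("knownRansomwareCampaignUse") == "Known"
            key = "kev_overdue" if overdue else "kev"
            buckets[key].append((asset, cve, ransomware))
        elif cvss >= critical_cvss:
            # Not in KEV, yet severe enough that KEV-only patching would miss it.
            buckets["critical_not_in_kev"].append((asset, cve, cvss))
        else:
            buckets["other"].append((asset, cve, cvss))
    return buckets

if __name__ == "__main__":
    for name, rows in triage(FINDINGS, KEV_FEED, date(2023, 10, 15)).items():
        print(name, rows)
```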

Hence we recommend that organizations immediately patch any vulnerabilities in their products irrespective of criticality and priority, as a vulnerability reported on a given date is sometimes exploited 3 months later.
A Call to Action:
- Immediate Patching and Updates: Organizations must prioritize immediate patching and updates. Closing the door on known vulnerabilities is the first line of defense against potential exploits that may escalate in the coming year.
- Comprehensive Supply Chain Security: Reflect on the lessons learned from supply chain vulnerabilities in 2023. Strengthen partnerships with suppliers, conduct thorough security assessments, and implement robust monitoring mechanisms to ensure the integrity of the digital supply chain.
- Enhanced Ransomware Resilience: Bolster your organization’s resilience against ransomware by fortifying backup and recovery processes. Regularly test these mechanisms to guarantee their effectiveness in the face of evolving ransomware tactics.
- Continuous Security Education: Empower your workforce with ongoing cyber-security education. The human element remains a critical factor in mitigating vulnerabilities, and well-informed employees can serve as an additional layer of defense against emerging threats.
Looking Ahead: A Secure 2024:
As we stand at the crossroads of the year’s end, let these final moments serve as a catalyst for change. Let the challenges faced in 2023 be the stepping stones toward a more secure and resilient digital future. As we welcome 2024, may it be a year marked not only by innovation but by a collective commitment to safeguarding our digital frontier against the ever-present threat of software vulnerabilities. The journey continues, and our resolve to face these challenges head-on has never been more crucial.
***
This blog is part of independent research that we carry out on a frequent basis to make netizens and organisations aware and keep the internet a safer place.
Securifide Advisory Threat Research Unit (SATRU) and Security Chronicle are a team of independent security researchers and a dedicated platform to educate netizens and make them aware of #security #risks & #threats.