Over 22 billion records exposed in breaches in 2020
From January through October 2020 there have 730 publicly disclosed events resulting in over 22 billion records exposed worldwide according to a new report from Tenable's Security Response Team (SRT).
Of breaches analyzed 35 percent were linked to ransomware attacks, resulting in major financial cost, while 14 percent of breaches were the result of email compromises.
Threat actors have relied on unpatched vulnerabilities in their attacks as well as chaining together multiple vulnerabilities. From 2015 to 2020, the number of reported common vulnerabilities and exposures (CVEs) increased at an average annual percentage growth rate of 36.6 percent. In 2020, 18,358 CVEs were reported, representing a six percent increase over the 17,305 reported in 2019.
Web browsers like Google Chrome, Mozilla Firefox, Internet Explorer and Microsoft Edge have been the primary target for zero-day vulnerabilities, accounting for over 35 percent all those exploited in the wild.
"As defenders, it's difficult enough to prioritize remediation given the hundreds of vulnerabilities released on Microsoft's Patch Tuesday every month and Oracle's Critical Patch Update each quarter. Add in the impact from COVID-19 for defenders trying to protect their newly remote workforce and you have a recipe for chaos," says Satnam Narang, staff research engineer at Tenable. "Security teams know to pick their battles, but when there is a flurry of vulnerabilities with a CVSSv3 score of 10.0 released within weeks of each other, the battles are being chosen for you and they're happening simultaneously. In order to manage vulnerability overload, you’ll need to take inventory of your entire network, identify your most critical assets and ensure they receive patches in an appropriate time frame. Additional indicators, such as CVSSv3 scores and the availability of PoC exploit scripts, can provide further insight into whether or not a vulnerability is more likely to be exploited in the wild, helping your team focus first on the most severe threats facing your network."
The full report is available from the Tenable site.