Number of new Common Vulnerabilities and Exposures (CVEs) expected to increase in 2023
We can expect to see more than 1,900 new Common Vulnerabilities and Exposures (CVEs) per month in 2023, including 270 high-severity and 155 critical-severity vulnerabilities -- a 13 percent increase from published 2022 levels.
This is according to a report from cyber insurance provider Coalition, which finds that most CVEs are exploited within 90 days of public disclosure, with the majority exploited within the first 30 days.
The report is compiled from information gathered from Coalition's active risk management and reduction technology that combines data from underwriting and claims, internet scans, and Coalition's global network of honeypot sensors. Coalition's scanning data includes over 5.2 billion IP addresses.
"The reality is that the number of security vulnerabilities and breaches is consistently increasing -- from 1,000 in 2002 to over 23,000 in 2022. Defenders are fighting a battle on all sides and at all times," says Tiago Henriques, Coalition's vice president of security research. "We produced this report to provide as much information as possible for organizations to learn from. With the overwhelming volume of vulnerabilities and lack of IT staff, cybersecurity experts need a way to evaluate each vulnerability's risk so they can prioritize what to address."
Among other findings, 94 percent of organizations scanned in the last year were found to have at least one unencrypted service exposed to the internet. Remote Desktop Protocol (RDP) remains the protocol that cyber attackers scan for most often, which shows that old protocols are still being used, together with new vulnerabilities, to gain access to systems. Elasticsearch and MongoDB databases have a high rate of compromise, with signals showing that a large number have been captured by ransomware attacks.
"Cybersecurity professionals must be more alert than ever to vulnerabilities that already exist within their networks and assets. Attackers are becoming increasingly sophisticated and have become experts at exploiting commonly used systems and technologies," adds Henriques. "Organizations must ensure they use secure communication protocols to access their data and that those services have enforced multifactor authentication. Taking steps like these to improve your basic security hygiene is crucial to improving your overall defense posture."
The full report is available from the Coalition site.