Skip to content

Search the site

Bugs are turning into exploits faster than ever

Vulnerabilities are turning into actively exploited flaws at a rapid pace, often within the same day. This according to research from security vendor Qualys.

Vulnerability disclosures are turning into active exploits at a record pace, according to experts.

The team at Qualys said that, on average, a disclosed security flaw falls under active exploitation in roughly 44 days.

What's worse, many of the highest risk vulnerabilities are falling under almost immediate exploitation, with working attacks for high risk CVE flaws (those rated 7.0 and above) surfacing on the same day at a 25 percent rate.

When expanded to 19 days, around 75 percent of high risk vulnerabilities were under active exploitation in the wild.

The finding underscores the need for administrators and network defenders to promptly test and deploy patches for security vulnerabilities.

"This immediate action represents a shift in the modus operandi of attackers," said Qualys, "highlighting their growing efficiency and the ever-decreasing window for response by defenders."

Saeed Abassi, product manager for vulnerability research at the Qualys Threat Research Unit told The Stack that there were a number of factors that can be blamed for the rapid turnaround from disclosures to exploits.

"Firstly, the widespread availability of hacking tools and knowledge makes it easier for even less skilled hackers to exploit vulnerabilities," Abassi explained.

"Secondly, the increasing efficiency of threat actors in developing and deploying exploits immediately after vulnerability disclosure indicates a highly dynamic and responsive adversary landscape."

The researchers tracked 206 high-risk flaws, finding that 50 percent were used for ransomware, malware, or other in-the-wild exploit techniques.

Not surprisingly, remote code execution vulnerabilities were the most popular target, as successful exploitation effectively gives the attacker total control over the target.

The Fortra GoAnywhere flaw (CVE-2023-0669) was the most commonly exploited flaw observed by Qualys, followed by the VMWare Aria command injection vulnerability (CVE-2023-20887) and the Sugar CRM remote code execution flaw (CVE-2023-22952)/

Security bypass vulnerabilities were the second most exploited flaws, followed by buffer manipulation bugs.

Web applications and network infrastructure were by far the most popular target for bug hunters, claiming a 33 percent stake of all exploited vulnerabilities. Of those remote access services saw the greatest frequency of exploits, followed by public-facing applications.