CVE exploitation nearly tripled, according to Verizon's 2023 findings
In the ever-evolving landscape of cybersecurity, Verizon's 2023 Data Breach Investigations Report (DBIR) sheds light on the top strategies for finding and remediating vulnerable software in enterprise security.
The report reveals a concerning surge in vulnerability exploitation, growing 180% as a root cause of breaches, now accounting for 14% of all breaches. This rise is largely driven by ransomware actors targeting zero-day vulnerabilities, such as those exploited in the MOVEit campaign.
Enterprises often grapple with patching speed. The median time to remediate 50% of critical vulnerabilities on the CISA Known Exploited Vulnerabilities list is 55 days, whereas mass exploitation can occur within 5 days of vulnerability disclosure. This gap in timely patching indicates a pressing need for improvement.
Automated risk-based patch management programs that prioritize updates based on risk severity and exploitability are crucial. These help organizations focus on patching critical vulnerabilities more efficiently. For zero-day vulnerabilities, which cannot be patched immediately, mitigation strategies such as network segmentation and continuous detection and response systems are recommended to reduce impact.
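The risk-based prioritization described above, as an added example that is not part of the original article and not Verizon's or CISA's code. It ranks a constructed inventory of findings by severity, KEV listing and exposure, and then checks each finding's age against the two figures the text gives (mass exploitation within 5 days of disclosure; 55 days to remediate KEV-listed criticals). The scoring weights, the field names, the asset names and the `CVE-XXXX-…` identifiers are all assumptions made for this example; findings with no patch available (a zero-day or an unsupported product) are routed to the mitigation path rather than the patch queue.

```python
from dataclasses import dataclass
from datetime import date

# Thresholds taken from the figures quoted in the text above: mass exploitation
# can start within 5 days of disclosure, and the median time to remediate half
# of the KEV-listed critical vulnerabilities is 55 days.
EXPLOIT_WINDOW_DAYS = 5
KEV_REMEDIATION_SLA_DAYS = 55


@dataclass(frozen=True)
class Finding:
    cve: str                  # placeholder identifier in this example, not a real CVE
    asset: str
    cvss: float               # base severity, 0.0 to 10.0
    in_kev: bool              # listed in the CISA Known Exploited Vulnerabilities catalog
    disclosed: date
    internet_exposed: bool
    patch_available: bool     # False for a zero-day or for an unsupported product
    vendor_supported: bool


def risk_score(f: Finding) -> float:
    """Rank by severity, then evidence of exploitation, then exposure.

    The weights are assumptions chosen for this example, not report figures.
    """
    score = f.cvss
    if f.in_kev:
        score += 10.0         # a known-exploited CVE outranks any unexploited CVSS 10
    if f.internet_exposed:
        score += 3.0
    if not f.vendor_supported:
        score += 2.0          # no patch will ever arrive for this product
    return score


def recommended_action(f: Finding, today: date) -> str:
    """Map a finding to a patch or mitigation action using the page's two time figures."""
    age = (today - f.disclosed).days
    if not f.patch_available:
        return "mitigate: segment network and add detection, no patch available"
    if f.in_kev and age > KEV_REMEDIATION_SLA_DAYS:
        return f"patch now: KEV item open {age}d, past {KEV_REMEDIATION_SLA_DAYS}d SLA"
    if f.in_kev and age > EXPLOIT_WINDOW_DAYS:
        return f"patch now: KEV item open {age}d, mass exploitation window passed"
    if f.in_kev:
        return "patch within the exploitation window"
    return "schedule in the normal patch cycle"


def prioritize(findings, today: date):
    """Return (cve, asset, score, action) tuples, highest risk first."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.cve, f.asset, risk_score(f), recommended_action(f, today)) for f in ranked]


# Constructed inventory for the example; identifiers and hosts are placeholders.
TODAY = date(2024, 6, 1)
SAMPLE = [
    Finding("CVE-XXXX-0001", "vpn-gw-01", 9.8, True, date(2024, 3, 1), True, True, True),
    Finding("CVE-XXXX-0002", "hr-app-02", 7.5, False, date(2024, 5, 20), False, True, True),
    Finding("CVE-XXXX-0003", "file-xfer-03", 9.1, True, date(2024, 5, 29), True, False, True),
    Finding("CVE-XXXX-0004", "legacy-db-04", 8.8, False, date(2023, 1, 15), False, False, False),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE, TODAY):
        print(row)
```

Running it puts the KEV-listed, internet-facing VPN gateway first with a "past 55d SLA" action, the unpatched file-transfer zero-day second on the mitigation path, the unsupported database third (also mitigation, since no patch exists), and the ordinary internal finding last in the normal cycle. In a real program the KEV flag and disclosure date would come from the catalog feed rather than be hard-coded.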
The importance of avoiding unsupported software is highlighted since unsupported systems miss out on patches, leaving open vulnerabilities that are heavily exploited. In fact, 74% of breaches involved known vulnerabilities with available patches, often on unsupported software.
Improvements in vulnerability resolution times have been reported, with median resolution dropping from 112 days in 2017 to 37 days recently, showing progress in patch management effectiveness. Additional access management controls, such as implementing least privilege, role-based access control (RBAC), multi-factor authentication (MFA), and monitoring of third-party access, are critical to reducing exploitable attack surfaces arising from poor identity and access management, which is a significant vulnerability vector.
In summary, Verizon’s 2023 DBIR underscores that to effectively find and remediate vulnerable software, enterprises need to:
- Implement automated, risk-based patch management programs focused on critical vulnerabilities.
- Accelerate patch deployment to close the gap between disclosure and exploit.
- Mitigate zero-day risks through network segmentation and continuous detection.
- Ensure all software is supported and regularly updated to receive timely patches.
- Strengthen access management practices to reduce privileges and manage third-party risks.
These strategies collectively enhance resilience against the rapidly growing exploitation of software vulnerabilities in enterprise environments.
Suzanne Widup, distinguished engineer of threat intelligence at Verizon Business, stated that patching is a significant challenge for organizations, particularly those with complex environments. "Nobody wants to bring down the critical production systems of their organization," Widup added. The findings also highlight the need for enterprise security leaders to educate workers about cybersecurity hygiene.
The MOVEit breach, in which Clop ransomware exploited zero-day vulnerabilities in a file-transfer service, underscores the need for vigilance. Patches must be tested to ensure they don't cause other issues, according to Widup. The exploitation of vulnerabilities almost tripled as an initial access vector in 2023.
More than two-thirds of security incidents involve either a person making an error or falling victim to social engineering, according to the report. The findings emphasize the need for enterprise security leaders to find and remediate vulnerable software. The number of confirmed breaches in 2023 was more than double the number during the prior year, and the number of breaches involving a third party increased by 68% from the prior year. The report shows 15% of breaches involved a third party.
Researchers analyzed a record 30,458 security incidents from 2023. Ransomware actors increasingly targeted zero-day vulnerabilities in IT systems, according to Verizon. About a third of all breaches in 2023 included some type of extortion. The analysis is based on the Known Exploited Vulnerabilities catalog at the Cybersecurity and Infrastructure Security Agency.
The findings serve as a call to action for enterprise security leaders to prioritize vulnerability management and cybersecurity education within their organizations. By implementing these strategies, organizations can bolster their defenses against the growing threat of software vulnerabilities.
- The 2023 Data Breach Investigations Report (DBIR) by Verizon reveals a notable increase of 180% in vulnerability exploitation as a root cause of data breaches, accounting for 14% of all breaches.
- The report underscores the pressing need for enterprises to enhance their cybersecurity practices, focusing on improving patch management and on technology that draws on threat intelligence, such as artificial intelligence and general news sources about crime and justice.
- Enterprises should consider implementing automated risk-based patch management programs that prioritize critical vulnerabilities, reducing the gap between the disclosure and exploitation of vulnerabilities.
- To mitigate the risks associated with zero-day vulnerabilities, organizations are recommended to employ network segmentation, continuous detection and response systems, and avoid unsupported software.
- In addition to patch management, it is crucial for enterprise leaders to strengthen access management practices, as poor identity and access management remains a significant vulnerability vector, with more than two-thirds of security incidents involving human error or social engineering.