Zero-day Attacks Doubled in 2021

Zero-day exploits doubled last year, according to new research by security analytics and automation provider, Rapid7.

On Monday, the company published its latest Vulnerability Intelligence Report, examining the most notable security vulnerabilities and high-impact cyber-attacks of 2021.

“We research and publish this report to contextualize the vulnerabilities that introduce serious risk to a wide range of organizations,” said vulnerability research manager and lead Vulnerability Intelligence Report author, Caitlin Condon. 

“Our goal is to highlight exploitation trends, explore attacker use cases and offer a framework for understanding new security threats as they arise.”

More than 50% of the threats analyzed by Rapid7 in 2021 began with a zero-day exploit. Out of the 50 vulnerabilities included in the report, 43 were exploited in the wild and nearly half (20) were exploited as zero-day attacks before being patched by vendors. 

When comparing the number of vulnerabilities that were exploited as zero-day attacks in recent years, the researchers observed an increase of 100% from 2020 to 2021. 

While the number of attacks doubled, the amount of time between the public disclosure of a vulnerability and its known exploitation in the wild decreased in 2021 compared to 2020. Half of the CVEs in the report were exploited within seven days of public disclosure compared with 30% in 2020. More than half of the vulnerabilities (58%) were exploited within. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *