In 2024, attackers did not just exploit vulnerabilities; they automated exploitation on an industrial scale, turning the Internet into an environment for mass attacks.
Attacks began literally hours after new vulnerabilities were disclosed. At the same time, 40% of the exploited vulnerabilities had existed for at least four years, and some went back to the 1990s. Ransomware groups actively used almost 30% of the vulnerabilities from the KEV (Known Exploited Vulnerabilities) list tracked by GreyNoise.
GreyNoise recorded active scanning of the Internet and attempts to exploit vulnerabilities from thousands of IP addresses, which confirms that the speed of attacks is outpacing defenders' capabilities.
The most significant attacks of 2024
One of the most actively exploited vulnerabilities in 2024 was a flaw in home Internet routers. It allowed attackers to build large-scale botnets used in cyberattacks.
Long-known vulnerabilities remain among the most commonly attacked. Attackers continue to exploit publicly disclosed vulnerabilities, some of which were discovered in the last century.
GreyNoise recorded exploitation of a number of vulnerabilities even before the US Cybersecurity and Infrastructure Security Agency (CISA) added them to its KEV catalog. This underscores the importance of prompt response and of obtaining up-to-date information about cyber threats.
28% of the vulnerabilities from the KEV list tracked by GreyNoise were actively used by groups that distribute ransomware, which makes mass exploitation of vulnerabilities a key tool in financially motivated attacks.
In May 2024, a large-scale event was recorded – more than 12,000 unique IP addresses participated in an attack aimed at Android devices.
Why this is a threat right now
Traditional patching cannot keep up with attacks: cybercriminals automate the exploitation of vulnerabilities faster than companies manage to evaluate, prioritize and implement fixes.
Key risks: