As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year.
Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before the day their CVEs were publicly disclosed.
This marks a slight decrease from 2023’s 26.8%, indicating that exploitation attempts can take place at any time in a vulnerability’s lifecycle.
“During 2024, 1% of the CVEs published were reported publicly as exploited in the wild,” VulnCheck’s Patrick Garrity said in a report shared with The Hacker News. “This number is expected to grow as exploitation is often discovered long after a CVE is published.”
The report comes over two months after the company revealed that 15 different Chinese hacking groups out of a total of 60 named threat actors have been linked to the abuse of at least one of the top 15 routinely exploited vulnerabilities in 2023.
“Not surprisingly, the Log4j CVE (CVE-2021-44228) is associated with the most threat actors overall, with 31 named threat actors linked to its exploitation,” Garrity noted late last year, adding the company identified 65,245 hosts potentially vulnerable to the flaw.
In all, there are roughly 400,000 internet-accessible systems likely susceptible to attacks stemming from the exploitation of 15 security shortcomings in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho products.
“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck said.
