The Qualys Threat Research Unit (TRU) has reported a 30% year-over-year increase in Common Vulnerabilities and Exposures (CVEs) for 2024. For the period from January to mid-July, the number of reported CVEs rose from 17,114 in 2023 to 22,254 in 2024. This rise underlines the need for stronger vulnerability management and security controls.
The research indicates that 0.91% of these vulnerabilities, totaling 204, have been weaponized, posing substantial risks. These weaponized CVEs are primarily exploited through public-facing applications and remote services, emphasizing the need for targeted security responses. Additionally, the data shows a 10% increase in the weaponization of older CVEs, stressing the importance of addressing pre-existing vulnerabilities.
Prominent vulnerabilities, such as CVE-2023-43208, affecting healthcare systems, and several others identified by Qualys, have seen increased exploitation. Saeed Abbasi, Product Manager of Vulnerability Research at Qualys TRU, underscores the necessity for a proactive approach in cybersecurity, including continuous monitoring and rapid patch management.
Qualys also highlights the most critical vulnerabilities of 2024, including several severe issues that narrowly missed its top-10 list. These include CVE-2023-22527 (Atlassian Confluence), CVE-2023-48788 (FortiClient EMS), and CVE-2024-24919 (Check Point Security Gateways). All three are listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, marking them as high-risk and demanding immediate attention.
In light of these findings, Qualys advises adopting a hybrid vulnerability management strategy that combines agent-based and agentless scanning so that emerging threats are found and mitigated wherever they appear. Regular updates and advanced threat detection systems remain essential for maintaining robust network security.
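The prioritization the article implies, as an added example in Python that is neither Qualys's nor CISA's code: scan findings are cross-referenced against a snapshot of the CISA KEV catalog and ranked so that KEV-listed CVEs come first (overdue ones ahead of the rest), internet-facing assets next (the article notes that weaponized CVEs are mostly exploited through public-facing applications and remote services), and raw CVSS last. The KEV snapshot uses the field names of the real catalog JSON, but its `dateAdded`/`dueDate` values, the vendor/product strings, the scan findings, the `CVE-2024-0000x` identifiers and the `as_of` date are all constructed placeholders for this example.

```python
import json
from datetime import date

# Constructed snapshot with the field names used by the CISA KEV catalog JSON.
# The CVE ids are those named in the article; every date, vendor and product
# string here is a placeholder, not the catalog's real value.
KEV_SNAPSHOT = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2023-22527", "vendorProject": "Atlassian (placeholder)",
         "product": "Confluence (placeholder)", "dateAdded": "2024-01-01",
         "dueDate": "2024-01-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-48788", "vendorProject": "Fortinet (placeholder)",
         "product": "FortiClient EMS (placeholder)", "dateAdded": "2024-03-01",
         "dueDate": "2024-03-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-24919", "vendorProject": "Check Point (placeholder)",
         "product": "Security Gateways (placeholder)", "dateAdded": "2024-05-01",
         "dueDate": "2024-05-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2023-43208", "vendorProject": "healthcare vendor (placeholder)",
         "product": "healthcare system (placeholder)", "dateAdded": "2024-05-01",
         "dueDate": "2024-05-22", "knownRansomwareCampaignUse": "Unknown"},
    ]
})

# Constructed scan output: one finding per (CVE, asset). The CVE-2024-0000x
# ids are placeholders for vulnerabilities that are not on the KEV list.
SCAN_FINDINGS = [
    {"cve": "CVE-2024-00001", "asset": "db-03", "cvss": 9.8, "internet_facing": False},
    {"cve": "CVE-2024-24919", "asset": "vpn-gw-01", "cvss": 8.6, "internet_facing": True},
    {"cve": "CVE-2023-43208", "asset": "hl7-bridge", "cvss": 9.8, "internet_facing": False},
    {"cve": "CVE-2023-22527", "asset": "wiki-01", "cvss": 9.8, "internet_facing": True},
    {"cve": "CVE-2024-00002", "asset": "build-07", "cvss": 7.5, "internet_facing": True},
]


def load_kev(text):
    """Parse a KEV catalog JSON document into a dict keyed by CVE id."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def prioritize(findings, kev, as_of):
    """Rank findings for remediation.

    Sort key, most urgent first: on KEV, past the KEV due date as of `as_of`
    (ISO date string), internet-facing, then descending CVSS. Each returned
    record carries the human-readable reasons for its position.
    """
    cutoff = date.fromisoformat(as_of)
    ranked = []
    for f in findings:
        entry = kev.get(f["cve"])
        on_kev = entry is not None
        overdue = on_kev and date.fromisoformat(entry["dueDate"]) < cutoff
        reasons = []
        if on_kev:
            reasons.append("on CISA KEV")
        if overdue:
            reasons.append("past KEV due date " + entry["dueDate"])
        if f["internet_facing"]:
            reasons.append("internet-facing")
        ranked.append({**f, "kev": on_kev, "overdue": overdue, "reasons": reasons})
    # Booleans sort False < True, so negate to put True first.
    ranked.sort(key=lambda r: (not r["kev"], not r["overdue"],
                               not r["internet_facing"], -r["cvss"]))
    return ranked


def summarize(ranked):
    """Counts a vulnerability manager would report: total, on KEV, overdue."""
    return {
        "total": len(ranked),
        "kev": sum(1 for r in ranked if r["kev"]),
        "overdue": sum(1 for r in ranked if r["overdue"]),
    }


if __name__ == "__main__":
    kev = load_kev(KEV_SNAPSHOT)
    # Placeholder reporting date, chosen to match the article's mid-July cutoff.
    ranked = prioritize(SCAN_FINDINGS, kev, as_of="2024-07-15")
    for r in ranked:
        print(f"{r['cve']:16} {r['asset']:12} cvss={r['cvss']:<4} {', '.join(r['reasons']) or '-'}")
    print(summarize(ranked))
```

The sort deliberately places exposure above CVSS: a 7.5 on an internet-facing host outranks a 9.8 on an internal database, while anything on the KEV list outranks both. In production the snapshot would be replaced by the live catalog feed and the findings by the union of agent-based and agentless scan results, which is where the hybrid coverage the article recommends pays off.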