Patch in 6 Days, Warns Positive Technologies

News Desk


Positive Technologies reports that companies have only six days to address critical vulnerabilities before cybercriminals exploit them. This urgent timeline is based on the quick development and distribution of experimental exploits on the dark web following a vulnerability disclosure. For five consecutive years, vulnerability exploitation has ranked among the top three methods used to attack organizations. In 2022–2023, over 2,700 companies experienced data breaches due to a single vulnerability, highlighting the critical need for effective vulnerability management.

Fedor Chunizhekov, Head of Security Analytics at Positive Technologies, noted that vulnerability exploitation accounted for 32% of successful cyberattacks in 2023, up from 18% in 2019. He emphasized that experimental proof-of-concept (PoC) exploits typically appear within six days of a vulnerability disclosure, with dark web discussions and subsequent exploit development occurring shortly thereafter. The study identified several high-profile vulnerabilities frequently discussed on dark web forums, including those in WinRAR (CVE-2023-38831), Fortinet products (CVE-2022-40684), the Java-based Spring Framework (CVE-2022-22965), Linux (CVE-2022-0847), and the Microsoft Support Diagnostic Tool (CVE-2022-30190, also known as Follina). These discussions highlight the significant interest cybercriminals have in remotely exploitable vulnerabilities, which make up 70% of the chatter.

Recent incidents underscore the consequences of delayed vulnerability patching. In May 2023, the exploitation of a vulnerability in the 1C-Bitrix system (CVE-2022-27228) led to a mass defacement of websites in the .ru and .рф domains. A flaw in the Microsoft Windows Support Diagnostic Tool (CVE-2022-30190) was used for ransomware attacks and cyberespionage, while the CVE-2023-34362 vulnerability in Progress MOVEit Transfer resulted in the compromise of data from over 2,700 organizations. To mitigate these risks, organizations must take proactive measures, such as regularly inventorying and classifying assets, conducting security analyses, monitoring dark web discussions for emerging threats, and setting realistic timelines for vulnerability remediation.

Positive Technologies recommends using modern vulnerability management systems like MaxPatrol VM. This tool provides timely updates on vulnerabilities—within 12 hours—and helps organizations detect and remediate risks promptly, safeguarding critical assets. Implementing these strategies can significantly reduce exposure to cyber threats and ensure the security of IT infrastructure.

