Qualys Unveils 2023 Vulnerability Landscape

Qualys, Inc a leader in disruptive cloud-based IT, security, and compliance solutions, has published insights from its Threat Research Unit (TRU), examining pivotal vulnerabilities in 2023 and their organizational impact. In the same year, 26,447 vulnerabilities were disclosed, surpassing the 2022 count by over 1,500 CVEs.

Focus on Critical Vulnerabilities

Saeed Abbasi, Product Manager at Qualys, emphasized that despite the alarming increase in vulnerabilities, less than 1% posed the highest risk. These critical vulnerabilities are weaponized, actively exploited by ransomware, threat actors, or malware, and confirmed to be in the wild.

TRU Analysis Highlights

The Qualys TRU delved into high-risk vulnerabilities, revealing insights and common trends. Key takeaways include:

1. Mean Time To Exploit (MTTE): In 2023, vulnerabilities had an average MTTE of 44 days, underscoring attackers’ growing efficiency, with some exploits available on the day of disclosure.
2. High-Risk Vulnerabilities Location: 32.5% of the 206 identified vulnerabilities were found in network infrastructure and web applications, traditionally challenging to secure.
3. Exploitation by Threat Actors: Over 50% of high-risk vulnerabilities were exploited by threat actors, ransomware, or malware. Notably, vulnerabilities affected various systems and applications, such as PaperCut NG, MOVEit Transfer, Windows OS, Google Chrome, Atlassian Confluence, and Apache ActiveMQ.

2023 Cyber Landscape Highlights

1. Threat Actor TA505: Known as the CL0P Ransomware Gang, TA505 exploited zero-day vulnerabilities in platforms like GoAnywhere MFT, PaperCut, MOVEit, and SysAid, prompting advisories from CISA and FBI.
2. Active Malware: LockBit and Clop were prominent in ransomware attacks, targeting organizations in IT and finance (LockBit) and exploiting vulnerabilities in large enterprises (Clop).

Recommendations for Organizations

Abbasi stressed the need for a multifaceted approach to vulnerability prioritization, focusing on known exploits, high EPSS scores, and vulnerabilities with weaponized code. Qualys’ Enterprise TruRisk Platform aids in measuring, communicating, and proactively managing cyber risk’s impact on business risk.

In the face of an escalating cyber threat landscape, the recommendations advocate a robust, proactive vulnerability and risk management approach for organizations.