New cybersecurity vulnerabilities increased at a never-before-seen pace in 2021, with the number of vulnerabilities reaching the highest level ever reported in a single year. As a threat analyst that monitors security advisories daily, I also observed a 24% jump in new vulnerabilities exploited in the wild
last year — indicating threat actors and malware developers are getting better at weaponizing new vulnerabilities. Not only are vulnerabilities proliferating at an unprecedented rate, but threat actors have also gotten better at racing to take advantage of them with a range of new malware and exploits.
These findings were reinforced by the Cybersecurity and Infrastructure Security Agency (CISA) alert issued in April 2022: “Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.”
