Aqua Nautilus cites 28,000 reasons for concern in its report.
There is an alarming trend in the field of cybersecurity: the number of vulnerabilities identified is breaking all records. According to the National Vulnerability Database (NVD), 28,821 vulnerabilities were reported in 2023. Even more alarming is the fact that in 2024 this figure may be even higher - by September, the number of detected vulnerabilities had already exceeded 28,000.
Experts attribute such statistics to several factors. The widespread use of open source software allows more developers and researchers to study the code thoroughly. Increased cyber threat awareness among organizations and experts is leading to an increase in incident reporting. In addition, modern systems are becoming more complex, which creates additional opportunities for breaches.
However, an increase in the number of identified defects does not solve all problems. At the beginning of 2024, NVD faced a serious slowdown in vulnerability analysis. This has led to delays in updating the data, which many scanning tools depend on. As a result, many organizations have found themselves more vulnerable to potential attacks.
The Aqua Nautilus research team has discovered another problem: a delay in publicly disclosing weaknesses in open source projects. Sometimes it can take up to several hundred days before information about a flaw is published and the flaw is fixed. This creates a dangerous "window" during which attackers can discover the flaws on their own.
Aqua Nautilus has also introduced new categories of security issues: "Half-Day" and "0.75-Day". "Half-Day" vulnerabilities are known to developers, but have not yet been officially published. "0.75-Day" category flaws have a fix but have not yet received a CVE or CPE ID, making them invisible to scanning tools.
The researchers gave two illustrative examples: the Log4Shell issue (CVE-2021-44228) and the flaw in Binwalk (CVE-2022-4510). In the case of Log4Shell, the "Half-Day" period lasted 6 days, and the "0.75-Day" period lasted 4 days before the CVE was officially assigned. For the Binwalk flaw, the "Half-Day" period lasted 98 days.
The focus of attacks among cybercriminals is also changing. In 2022 the main target was the Log4Shell flaw; by the end of 2023, attackers' attention had shifted to the issue in Grafana (CVE-2021-43798).
Grafana is an open-source data visualization tool widely used in cloud environments. The flaw allows attackers to read arbitrary files from the file system, which could lead to the leakage of sensitive data. Here is a list of the most commonly exploited security issues:
| CVE | Platform | Share | CVSS | EPSS |
|---|---|---|---|---|
| CVE-2021-43798 | Grafana | 24.91% | 7.5 | 97.5% |
| CVE-2021-44228 | Log4Shell | 23.91% | 10 | 96.69% |
| CVE-2002-1149 | phpinfo.php | 6.71% | N/A | 55.48% |
| CVE-2018-11776 | Apache Struts | 5.39% | 8.1 | 97.53% |
| CVE-2023-32315 | Openfire | 4.74% | 7.5 | 97.02% |
| CVE-2023-38646 | Metabase | 3.62% | 9.8 | 88.91% |
| CVE-2002-0953 | globals.php | 3.55% | N/A | 2.76% |
| CVE-2022-0543 | Redis | 3.00% | 10 | 97.20% |
| CVE-2020-2551 | Oracle WebLogic | 0.95% | 9.8 | 97.54% |
| CVE-2014-6271 | Shellshock | 0.94% | 9.8 | 97.37% |
Honeypot research has shown that attackers have become faster at exploiting new flaws. For example, recent issues in Openfire and RocketMQ were exploited in attacks just one to two weeks after they were disclosed.
Attacks on software supply chains are on the rise. New weaknesses in tools such as curl and libcurl, as well as the exploitation of fresh flaws by the Kinsing malware, highlight the ongoing risks in the software supply chain.
Other examples of supply chain attacks include critical defects in Jenkins Server leading to remote code execution (RCE) and the spread of malware through PyTorch dependency confusion.
To combat the growing number of security concerns, experts recommend a number of measures, among them automated code scanning and the use of artificial intelligence and machine learning technologies to detect anomalies in code repositories.
Here is the full list of recommendations:
- Develop a multi-layered security strategy: As mentioned earlier, adopting a multi-layered security approach is essential to comprehensively securing your environment. This includes implementing powerful runtime controls to prevent attacks that exploit existing or zero-day vulnerabilities, by applying capabilities such as behavioral detection and cloud-based detection and response (CDR).
- Detect and fix issues early: Use a robust cloud-based security scanner to shift left and integrate automated scanning into the software development lifecycle. Early detection of known defects and other risks in your container images can significantly reduce the attack surface that attackers can exploit.
- Use a risk-based approach to prioritize and address weaknesses: Focus on the issues that pose the most risk, taking into account contextual factors such as reachability, EPSS, running packages, available exploits, and others. This helps in identifying and eliminating the highest-priority defects first.
- Prevent critical issues from entering your production environment: Configure provisioning policies to determine an acceptable level of risk for your container image deployments, which helps reduce the attack surface and prevent breaches from reaching production.
- Mitigate the effects of runtime defects: Close exploitation paths and attack vectors for issues that cannot be immediately fixed by applying compensatory control measures such as vShield, a virtual patch that provides immediate protection.
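The two recommendations above on risk-based prioritization and on provisioning policies can be made concrete with a small scoring and gating routine. The following is an added example written for this post, not code from Aqua or from any scanner the article mentions. The CVE, CVSS and EPSS values are taken from the table in the article; the reachability, running-process, public-exploit and fix-available flags attached to each finding are constructed for illustration, and the weighting factors and policy thresholds are assumptions a team would tune to its own risk appetite.

```python
"""Risk-based prioritisation and a deploy gate for container image findings (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    cvss: Optional[float]   # None where NVD lists no score (N/A in the table)
    epss: float             # EPSS probability in [0, 1]
    reachable: bool         # vulnerable code reachable from an exposed entry point
    running: bool           # package loaded by a process at runtime
    exploit_public: bool    # a public exploit exists
    fix_available: bool     # a patched version can be installed


# CVE, platform, CVSS and EPSS come from the article's table; the four context
# flags per finding are constructed for this example.
SAMPLE_FINDINGS: List[Finding] = [
    Finding("CVE-2021-43798", "grafana", 7.5, 0.9750, True, True, True, True),
    Finding("CVE-2021-44228", "log4j", 10.0, 0.9669, False, False, True, True),
    Finding("CVE-2002-1149", "phpinfo.php", None, 0.5548, False, False, False, True),
    Finding("CVE-2023-38646", "metabase", 9.8, 0.8891, True, True, True, False),
    Finding("CVE-2002-0953", "globals.php", None, 0.0276, False, False, False, True),
    Finding("CVE-2022-0543", "redis", 10.0, 0.9720, True, False, True, True),
]


def priority_score(f: Finding) -> float:
    """Combine severity (CVSS), likelihood (EPSS) and runtime context into one number.

    Severity falls back to a neutral 5.0 when NVD has no score, so unscored
    findings are neither hidden nor over-ranked. Each context flag scales the
    score up (assumed weights): a reachable, running package with a public
    exploit is what an attacker can actually hit, so it should rise to the top
    even when a non-reachable finding has a higher raw CVSS.
    """
    severity = f.cvss if f.cvss is not None else 5.0
    score = severity * f.epss
    if f.reachable:
        score *= 1.5
    if f.running:
        score *= 1.5
    if f.exploit_public:
        score *= 1.25
    return score


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Return findings ordered from highest to lowest contextual priority."""
    return sorted(findings, key=priority_score, reverse=True)


@dataclass(frozen=True)
class DeployPolicy:
    block_cvss_at_least: float = 9.0   # any fixable finding at or above this CVSS blocks
    block_epss_at_least: float = 0.5   # a reachable finding at or above this EPSS blocks
    allow_unfixable: bool = True       # risky findings with no fix warn instead of block


def evaluate_image(findings: List[Finding],
                   policy: DeployPolicy = DeployPolicy()) -> Tuple[bool, List[str], List[str]]:
    """Provisioning gate: returns (allowed, blocking_reasons, warnings)."""
    blocking: List[str] = []
    warnings: List[str] = []
    for f in findings:
        severity = f.cvss if f.cvss is not None else 0.0
        risky = (severity >= policy.block_cvss_at_least
                 or (f.reachable and f.epss >= policy.block_epss_at_least))
        if not risky:
            continue
        if f.fix_available:
            blocking.append(f"{f.cve} in {f.package}: fix available, update before deploying")
        elif policy.allow_unfixable:
            warnings.append(f"{f.cve} in {f.package}: no fix yet, apply a compensating control")
        else:
            blocking.append(f"{f.cve} in {f.package}: no fix and policy forbids unfixable critical findings")
    return (not blocking, blocking, warnings)


if __name__ == "__main__":
    for f in prioritise(SAMPLE_FINDINGS):
        print(f"{priority_score(f):6.2f}  {f.cve}  {f.package}")
    allowed, blocks, warns = evaluate_image(SAMPLE_FINDINGS)
    print("deploy allowed:", allowed)
    for line in blocks + warns:
        print(" -", line)
```

Run stand-alone, the ranking puts the Metabase and Grafana findings ahead of Log4Shell even though Log4Shell has the highest CVSS, because in this constructed image the Log4j package is neither reachable nor running; the gate then refuses the image until the three fixable high-risk findings are patched and leaves the unfixable Metabase finding as a warning for a compensating control.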
Source