Rapid7's mid-year review paints a grim picture of the current cybersecurity landscape. Notably, the report found that ransomware remains a high-profit avenue for cyber criminals, with over 1500 victims identified worldwide in the first half of 2023. This includes 526 LockBit victims, 212 Alphv/BlackCat victims, 178 Cl0p victims, and 133 BianLian victims. However, these figures are likely an underestimate, as they do not account for organizations that quietly pay the ransom without public disclosure.
The report attributes the success of ransomware to two primary factors: the high profit potential for criminals and the inadequate security posture of many potential targets. One key finding is that nearly 40% of incidents were due to missing or lax enforcement of multi-factor authentication (MFA), a basic security defense. Furthermore, the general security posture of many organizations remains low, with only one organization meeting Rapid7's minimum recommendations for security maturity in 2023.
The report also found that old vulnerabilities continue to be successful for attackers. Notably, CVE-2021-20038, a vulnerability in SonicWall SMA 100 series devices, and CVE-2017-1000367, a weakness in the sudo command, were exploited in the first half of 2023. New vulnerabilities were also discovered and exploited, with more than a third of widespread threat vulnerabilities used in zero-day attacks. The report cites the example of Adobe ColdFusion CVE-2023-26360, which seems to have been exploited more broadly than Adobe initially disclosed.
The report underscores the profitability of cybercrime, with exploit brokers on the dark web selling numerous network device zero-day exploits for more than $75,000. Rapid7 notes that even at ten times this price, a successful ransomware attack could provide a substantial return on investment. The report states, “In all likelihood, a threat actor like Cl0p would easily be able to afford a bevy of zero-day exploits for vulnerable enterprise software – enabling the group to hoard and hone proprietary capabilities while they conduct reconnaissance on high-revenue targets.”
The report concludes that the cybersecurity landscape is likely to worsen before it improves, given the enormous financial incentive for cybercrime and the continued failure of organizations to implement even basic security defenses. However, Caitlin Condon, head of vulnerability research at Rapid7, emphasizes that organizations are not powerless and that preventable attacks can be mitigated with basic security measures such as MFA.