“Notably, quite a few the incidents Rapid7 groups noticed in 2024 the place vulnerability exploitation was initially considered in scope turned out to as an alternative stem from adversaries’ use of compromised credentials, slightly than CVE exploitation,” Caitlin Condon, director of vulnerability intelligence at Rapid7, advised CSO.
The place vulnerabilities did result in breaches, in accordance with Rapid7’s managed detection and response (MDR) staff, this resulted from older bugs slightly than 0-days.
“A slim majority of vulnerabilities Rapid7 MDR and incident response groups noticed exploited in real-world manufacturing environments final yr had been CVEs that had been new in 2024 and had recognized exploits obtainable,” Condon advised CSO. “The remainder of the confirmed CVE exploitation our groups noticed in opposition to manufacturing programs had been older vulnerabilities that had beforehand been utilized in extremely publicized menace campaigns.”
