Vulnerabilities and cyberattacks that marked the year 2021

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021.

On any given day, security professionals must prioritize and address viable threats from an overwhelming number of reported vulnerabilities. Researchers analyze thousands of vulnerabilities each year to understand root causes, dispel misconceptions, and share information on why certain flaws are more likely to be exploited than others. From this research, the team creates a report of the highest priority CVEs based on their likelihood of widespread exploitation.

The report highlights 50 vulnerabilities from 2021 that posed considerable risk to businesses of all sizes. Of those 50 vulnerabilities, 43 were exploited in the wild. Furthermore, vulnerabilities classified as “widespread threats” for the scale at which they were exploited increased 136% over the previous year.

Most notable vulnerabilities, threats and exploits in 2021

• Broad, opportunistic exploitation increased significantly in 2021. 66% of vulnerabilities in this report were classified as widespread threats, compared to only 28% in 2020.
• More than 60% of widespread threats cited in this report have been used in ransomware operations, and more than half of widespread threats began with a zero-day exploit.
• 52% of the known exploited vulnerabilities in this report came under attack within one week of public disclosure, and the average time to known exploitation decreased from 42 days in 2020 to just 12 days in 2021.

“In years past, vulnerabilities and hacking incidents led to fewer widespread attacks,” said vulnerability research manager and lead Vulnerability Intelligence Report author at Rapid7, Caitlin Condon. “The recent increase in ransomware, coin mining, and other widespread attacks means the probability of an ‘average business’ being targeted has correspondingly increased.”