New examination of the 2020 vulnerability and risk landscape has identified that the overall variety of Frequent Vulnerabilities and Exposures (CVEs) claimed very last 12 months was 6% bigger than the whole documented in 2019.
A calendar year-in-review report from Tenable’s Security Response Group located that 18,358 CVEs have been documented in 2020, although only 17,305 were claimed the past 12 months.
When the boost involving 2019 and 2020 could appear to be slight, the team identified that from 2015 to 2020, the variety of CVEs noted rose 183%, from 6,487 to 18,358.
“For the previous three a long time, we have viewed around 16,000 CVEs reported annually—reflecting a new regular for vulnerability disclosures,” mentioned scientists.
Between the 2020 vulnerabilities disclosed were being 29 Tenable determined as net-new zero-working day vulnerabilities. Of the 29 vulnerabilities, above 35% had been browser-similar vulnerabilities, while nearly 29% were being in running techniques. Font libraries have been also popular, accounting for nearly 15% of zero-working day vulnerabilities.
Reviewing at which factors in the calendar year critical CVEs had been described, researchers uncovered what they termed a “CVE Year” that coincided with summertime.
“Summertime 2020—from June to August—was particularly one of a kind for the two the sheer volume and number of critical CVE disclosures,” pointed out researchers. “547 flaws have been disclosed in the summer time months, which includes major disclosures in F5, Palo Alto Networks, PulseSecure, vBulletin and a lot more.”
An evaluation of the CVE info for breach traits uncovered that from January as a result of Oct 2020, 730 publicly disclosed activities resulted in the exposure of over 22 billion information. Of the industries impacted by breaches, health care and training manufactured up the major share, accounting for 25% and 13% of the breaches.
Authorities and the technology market ended up also popular targets, accounting for 12.5% and 15.5% of the breaches respectively.
Ransomware was identified to be the most popular attack vector in 2020, currently being cited in 259 incidents. Email compromise was the cause of 105 breaches, when unsecured details led to 83 security incidents. For 179 facts breaches, the root induce was mysterious.
The coronavirus pandemic was employed time and again by cyber-attackers to entice their victims. By the to start with two months of April, 41% of companies experienced seasoned at least one particular company-impacting cyber-attack resulting from COVID-19 malware or phishing techniques.
Some areas of this short article are sourced from: