Of their quest for community entry, cyber risk actors are leveraging a broad spectrum of vulnerabilities, from essentially the most not too long ago disclosed to these left unpatched for over 20 years.
In its 2025 Mass Web Exploitation Report, launched on February 27, GreyNoise discovered that 40% of vulnerabilities exploited by attackers in 2024 had been from 2020 or earlier and 10% from 2016 or earlier. Some even date again to the late Nineties, like CVE-1999-0526 – an X server vulnerability.
Some legacy vulnerabilities, like CVE-2018-10-561, a problem found on Dasan GPON house routers, remained the most exploited flaws in 2024.
Attackers Velocity Up Exploitation
On the opposite finish of the spectrum, attackers are additionally getting faster at exploiting newly discovered CVEs, with exploitation noticed inside hours of disclosure in 2024.
Moreover, GreyNoise detected the exploitation of 29 vulnerabilities earlier than they had been added to the US Cybersecurity and Infrastructure Safety’s (CISA) Recognized Exploited Vulnerabilities (KEV) catalog.
Ransomware teams – the first supply of vulnerability exploits – leveraged 28% of the CVEs added to CISA’s KEV catalog.
The place Vulnerabilities Are Being Exploited
A majority of essentially the most exploited vulnerabilities in 2024 focused house web routers, together with customer-facing fiber modems.
Ivanti, D-Link and VMware had been among the many suppliers with essentially the most exploited vulnerabilities.
In line with the GreyNoise researchers, the risk actors’ fundamental targets for exploiting vulnerabilities in 2024 included:
- Botnet enlargement
- Cryptocurrency mining
- Preliminary entry for ransomware deployment
- Information exfiltration operations
- Proxy service creation for additional assaults
