Cyber Security Today, Dec. 27, 2023 – A record year for ransomware

A record year for ransomware.

Welcome to Cyber Security Today. It’s Wednesday, December 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

 

 

The year isn’t quite over but it’s clear that 2023 hit a record for ransomware attacks. Researchers at NCC Group say that as of the end of November the total number of attacks around the world hit 4,276 — slightly more than twice as many as last year. And December’s numbers haven’t been added.

More year-end numbers to consider: More than 26,000 vulnerabilities were discovered this year, according to researchers at Qualys. However, less one per cent of them were high risk — about 7,000. And of them, only 206 had weaponized code available. These are the ones information security professionals have to pay attention to, because they are the most likely to be exploited. By the way, of those 206 vulnerabilities, just over 32 per cent were involved network infrastructure or web applications. High-risk holes need to be patched or mitigated fast. According to the research, the mean time to exploit vulnerabilities this year was 44 days. However, many times threat actors were able to create an exploit the same day a vulnerability was publicized.

Speaking of the need for fast patching of critical applications, here’s something to ponder: On a podcast earlier this month I reported that a vulnerability in JetBrains’ TeamCity application development platform was being exploited by a Russian-based group. According to a new report from ReversingLabs, a patch for that hole was released in September. But by this month only two per cent of TeamCity administrators had installed it.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.