2020 Saw 6% Rise in Number of CVEs Reported

New analysis of the 2020 vulnerability and threat landscape has found that the total number of Common Vulnerabilities and Exposures (CVEs) reported last year was 6% higher than the total reported in 2019.

A year-in-review report from Tenable’s Security Response Team found that 18,358 CVEs were reported in 2020, while only 17,305 were reported the previous year.

Although the increase between 2019 and 2020 might seem slight, the team noted that from 2015 to 2020, the number of CVEs reported rose 183%, from 6,487 to 18,358.

“For the last few years, we have observed about 16,000 CVEs reported annually—reflecting a new normal for vulnerability disclosures,” noted researchers.

Among the 2020 vulnerabilities disclosed were 29 that Tenable identified as net-new zero-day vulnerabilities. Of the 29 vulnerabilities, over 35% were browser-related vulnerabilities, while almost 29% were within operating systems. Font libraries were also popular, accounting for approximately 15% of zero-day vulnerabilities.

Looking at which points in the year critical CVEs were reported, researchers found what they termed a “CVE Period” that coincided with summer.

“Summer 2020—from June to August—was especially unique for both the sheer volume and number of critical CVE disclosures,” said researchers. “547 flaws were disclosed in the summer months, including big disclosures in F5, Palo Alto Networks, PulseSecure, vBulletin and more.”

An analysis of the CVE data for breach trends found that from January through October 2020, 730 publicly disclosed events resulted in the exposure of around 22 billion records. Of the industries affected by breaches, healthcare and education made up the greatest share, accounting for 25% and 13% of the breaches.

The federal government and the technology industry were also popular targets, accounting for 12.5% and 15.5% of the breaches respectively.

Ransomware was found to be the most popular attack vector in 2020, being cited in 259 incidents. Email compromise was the cause of 105 breaches, while unsecured data led to 83 security incidents. For 179 data breaches, the root cause was unknown.

The coronavirus pandemic was used time and again by cyber-attackers to lure their victims. By the first two months of April, 41% of organizations had experienced at least one business-impacting cyber-attack resulting from COVID-19 malware or phishing techniques.