Organisations Urged to Act Quickly as Cybercriminals Plan Attack in Six Days, Says Positive Technologies

Published:

Positive Technologies Warn Organizations of Impending Cybersecurity Threat

Positive Technologies has issued a warning to organisations, stating they have just six days until cybercriminals potentially strike. A recent study by Positive Technologies revealed that vulnerability exploitation has been one of the top three most popular attack methods on organisations for the past five years. In fact, in 2022-2023, over 2,700 companies worldwide had their confidential data stolen by attackers exploiting just one vulnerability.

According to Fedor Chunizhekov, Head of Security Analytics at Positive Technologies, cybercriminals are increasingly attracted to vulnerability exploitation, with about one-third of all successful cyberattacks being attributed to this method. On average, an experimental exploit becomes available within six days of a critical vulnerability disclosure, leading to discussions on dark web forums and the development of ready-to-use exploits for mass attacks.

The study also highlighted commonly mentioned vulnerabilities in popular products such as WinRAR, Fortinet, and the Java-based Spring Framework. Messages discussing remotely exploited vulnerabilities make up 70% of cybercriminal discussions on the dark web.

Delaying vulnerability fixes can have serious consequences for organisations, as evidenced by previous incidents where data was stolen, websites were defaced, and ransomware attacks occurred due to exploitation of vulnerabilities.

To prevent the exploitation of vulnerabilities and potential cyberattacks, experts recommend that organisations regularly inventory and classify their assets, prioritize assets based on importance and vulnerability severity, conduct security analyses, and closely monitor the dark web for threats. It is crucial for organisations to set realistic timelines for vulnerability remediation and closely monitor the patching process to ensure their IT infrastructure remains secure.

Related articles

Recent articles