“Notably, a number of the incidents Rapid7 teams observed in 2024 where vulnerability exploitation was initially thought to be in scope turned out to instead stem from adversaries’ use of compromised credentials, rather than CVE exploitation,” Caitlin Condon, director of vulnerability intelligence at Rapid7, told CSO.
Where vulnerabilities did lead to breaches, according to Rapid7’s managed detection and response (MDR) team, this resulted from older bugs rather than 0-days.
“A slim majority of vulnerabilities Rapid7 MDR and incident response teams saw exploited in real-world production environments last year were CVEs that were new in 2024 and had known exploits available,” Condon told CSO. “The rest of the confirmed CVE exploitation our teams observed against production systems were older vulnerabilities that had previously been used in highly publicized threat campaigns.”